03-28-2010 07:43 PM - edited 03-15-2019 10:00 PM
Hi, I have been asked to look into a customer issue where his SIP GW is compromised, people from the internet make calls through the SIP GW which is then routed via the PSTN. I know that I can implement some security measure by configuring ACLs and only allowing the SIP PROXY address to be allowed through but what other security measures are needed?
Thanks
03-28-2010 11:59 PM
Its important to deploy Firewalls to allow only specific Internet hosts to reach our devices
Apply latest updates meaning running recent IOS version
Monitor SIP GW with CDR for tracking calls
Please take a look at this:
http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080b20ee9.html
03-31-2010 04:56 PM
Hi, After checking their network it's obvious they don't have any security policy implemented, they use 2801 ISR doing everything from routing to security and VOIP for them but they have no security rules configured. I simply applied some ACLS blocking connectivity to SIP and H323 from the net.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide