Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
345
Views
0
Helpful
2
Replies

SIP GW Compromised

hadisharifi
Level 1
Level 1

‎03-28-2010 07:43 PM - edited ‎03-15-2019 10:00 PM

Hi, I have been asked to look into a customer issue where his SIP GW is compromised, people from the internet make calls through the SIP GW which is then routed via the PSTN. I know that I can implement some security measure by configuring ACLs and only allowing the SIP PROXY address to be allowed through but what other security measures are needed?

Thanks

Labels:
0 Helpful
2 Replies 2

gogasca
Level 10
Level 10

‎03-28-2010 11:59 PM

Its important to deploy Firewalls to allow only specific Internet hosts to reach our devices

Apply latest updates meaning running recent IOS version

Monitor SIP GW with CDR for tracking calls

Please take a look at this:

http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080b20ee9.html

0 Helpful

hadisharifi
Level 1
Level 1
In response to gogasca

‎03-31-2010 04:56 PM

Hi, After checking their network it's obvious they don't have any security policy implemented, they use 2801 ISR doing everything from routing to security and VOIP for them but they have no security rules configured. I simply applied some ACLS blocking connectivity to SIP and H323 from the net.

0 Helpful
Customers Also Viewed These Support Documents