Re: Toll Fraud Prevention on CCME

J_Vansen_S · ‎01-09-2011

Hi all,

We have recently deployed a simple CCME+CUE router and ASA firewall for a client.

Apparently all calls are made through 4 FXO Anolog lines to the Telephone provider.

No Sip/h323 ITSP or etc.

My client is cautious about their analog lines being hacked to make international calls.

Is there any hardening steps that i need to make on the CCME router or ASA firewall to prevent this?

Since there is no SIP/h323 services on the network.

For prevention would it be appropriate if i were to block all incoming SIP 5060 port at the ASA firewall?

Please advise

Regards: Jocelyn

paolo bevilacqua · ‎01-09-2011

Any firewall or nat router blocks incoming connection by default already.

For more information on the subject, use the search box her or on cisco.com.

J_Vansen_S · ‎01-09-2011

Thanks for the info;

I would have thought so, as firewall has implicit deny on every end of rule.

So does it mean that without doing anything else i am safe from Toll fraud at this point?

I have read that it is advisable to upgrade the IOS to 15.1(2)T since it has a Toll Fraud Enchancement feature?

I am currently running Version 15.0(1)XA.

If so; is there a cost incurred in terms of licensing to upgrade to 15.1(2)T from 15.0(1)XA

Regards: Jocelyn

paolo bevilacqua · ‎01-10-2011

You don't need improved security because the device is not reachable from the Internet.

The same security would be obtainable alsowith any other IOS version.

For updates, you need a smartnet contract.

Please remember to rate useful posts clicking on the stars below.

J_Vansen_S · ‎01-10-2011

Thanks again for the clarification

I came across an article about UC500 breaching via the CUE voicemail module instead of WAN facing
http://community.spiceworks.com/topic/111962?page=1

Am i also safe from this breach given that i have an ASA firewall facing WAN