cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
388
Views
0
Helpful
2
Replies

Virus protection with 8.6

Karl Jacobsen
Level 1
Level 1

My company employes teachers aound the world and there has bee talk about handing out IP Communicator to them. Currently we allow our users to VPN to our Cisco firewall for access to our fileshares and voice servers. We are using Cisco AnyConnect client and clientless depending on weather or not they have managed machines. We have setup an additional VPN profile for an non-managed machine that needs to IP Communicator. This profile only gives acess to the voice VLAN including the two CUCM and two Unity servers. We are running CUCM and Unity Connection 8.6 so all servers are Linux based. What are the risks of exposing these servers to unmanaged (potentially unpatched or virus infected) machines? Is there a best practice for this?

1 Accepted Solution

Accepted Solutions

Chris Deren
Hall of Fame
Hall of Fame

Karl,

Linux based CUCM/UCXN/etc are appliances with no access to underlying OS kernel, so catching viruses is impossible. The bigger risk is hacking of the appliance and taking over your voice system, occasionally Cisco announces security vulnerabilities against specific versions of applications via a particular protocol, most often SIP, so there is always that risk. Hence the best practice is to keep in the servers on an internal network which I take it you are doing.

HTH,

Chris

View solution in original post

2 Replies 2

Chris Deren
Hall of Fame
Hall of Fame

Karl,

Linux based CUCM/UCXN/etc are appliances with no access to underlying OS kernel, so catching viruses is impossible. The bigger risk is hacking of the appliance and taking over your voice system, occasionally Cisco announces security vulnerabilities against specific versions of applications via a particular protocol, most often SIP, so there is always that risk. Hence the best practice is to keep in the servers on an internal network which I take it you are doing.

HTH,

Chris

Thanks Chris,

     Yes we run our VIOP servers behind our firewall. It sounds like there's nothing to worry about.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: