08-12-2024 12:44 AM
Hello Cisco community,
I have query regarding for VOIP configuration file, i was able to pull all company's configuration file for each telephone which its extension end with ".cnf.xml.sgn" now we're doing hardening is it possible to disable or protect these files? since i accessed them without being authenticated and I accessed them from normal workstation.
Best regards
Solved! Go to Solution.
08-12-2024 03:34 AM
Hello @zain-3-4
The .cfn.xml.sgn files are usually stored on a TFTP server. TFTP is inherently insecure because it doesn’t require authentication or encryption. So, restrict access to the TFTP server to only authorized devices (e.g., IP phones) by using Fw rules or access ACL. Ensure that only IP addresses of trusted devices or subnets (like your phone network) can connect to the TFTP server...
Do you have segmented the VoIP network from the regular data network ? ...using VLANs and ensure that the VoIP network is not accessible from regular workstations.
08-12-2024 03:34 AM
Hello @zain-3-4
The .cfn.xml.sgn files are usually stored on a TFTP server. TFTP is inherently insecure because it doesn’t require authentication or encryption. So, restrict access to the TFTP server to only authorized devices (e.g., IP phones) by using Fw rules or access ACL. Ensure that only IP addresses of trusted devices or subnets (like your phone network) can connect to the TFTP server...
Do you have segmented the VoIP network from the regular data network ? ...using VLANs and ensure that the VoIP network is not accessible from regular workstations.
08-12-2024 02:23 PM
your post is very useful but I have question what is the best practice in this case? leaving accessible to everyone or restrict access to TFTP server to specific IPs?
08-13-2024 12:52 AM
restrict access to TFTP server to specific IPs.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide