cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
490
Views
0
Helpful
3
Replies

Cisco VOIP configuration file

zain-3-4
Level 1
Level 1

Hello Cisco community,

I have query regarding for VOIP configuration file, i was able to pull all company's configuration file for each telephone which its extension end with ".cnf.xml.sgn" now we're doing hardening is it possible to disable or protect these files? since i accessed them without being authenticated and I accessed them from normal workstation. 

 

Best regards 

1 Accepted Solution

Accepted Solutions

M02@rt37
VIP
VIP

Hello @zain-3-4 

The .cfn.xml.sgn files are usually stored on a TFTP server. TFTP is inherently insecure because it doesn’t require authentication or encryption. So, restrict access to the TFTP server to only authorized devices (e.g., IP phones) by using Fw rules or access ACL. Ensure that only IP addresses of trusted devices or subnets (like your phone network) can connect to the TFTP server...

Do you have segmented the VoIP network from the regular data network ? ...using VLANs and ensure that the VoIP network is not accessible from regular workstations.

 

 

 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

View solution in original post

3 Replies 3

M02@rt37
VIP
VIP

Hello @zain-3-4 

The .cfn.xml.sgn files are usually stored on a TFTP server. TFTP is inherently insecure because it doesn’t require authentication or encryption. So, restrict access to the TFTP server to only authorized devices (e.g., IP phones) by using Fw rules or access ACL. Ensure that only IP addresses of trusted devices or subnets (like your phone network) can connect to the TFTP server...

Do you have segmented the VoIP network from the regular data network ? ...using VLANs and ensure that the VoIP network is not accessible from regular workstations.

 

 

 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

your post is very useful but I have question what is the best practice in this case? leaving accessible to everyone or restrict access to TFTP server to specific IPs?  

@zain-3-4 

restrict access to TFTP server to specific IPs.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.