CUCM/CUC/CER backup triggers SSH brute force attack on firewalls

jeffshen1215
Level 1

We used to do daily backups for our voice cluster, CUCM/CUC/CER, to a Linux file server within the same network, and it worked fine. However, this server was decommissioned and we have to use a RHEL9 server in another zone which has multiple firewalls in between. The backup process triggers the SSH brute force attack rules and gets blocked by the firewalls, eventually failing and hanging the DRF service on the voice servers.
Our firewall administrators have been working on this issue, but due to security policy they can't simply discard the rules. Even after they modified the firewall to allow 35K SSH transmissions per minute between the voice servers and the destination file server, it is still not enough.

Does anyone know if we can modify backup throttling settings within the Disaster Recovery Service? If yes, would you please share the document?

Otherwise, any other ideas to solve this issue?

1 Accepted Solution


I never heard of any option to throttle the DRS backup. I think that this is something your firewall administrators need to work out a solution for or you simply use a backup destination that doesn’t traverse through a security zone.



2 Replies

jeffshen1215
Level 1

Cisco TAC provided these suggestions as best practices:

1. **Rate Limiting Adjustments**: Ensure that the rate limiting on the firewalls is configured to handle the backup traffic adequately. You may need to work with your firewall administrators to fine-tune these settings further.

2. **Backup Throttling**: Check if there are any settings within the CUCM Disaster Recovery Service that allow you to throttle or limit the rate of backup data being sent. This can help in reducing the chances of triggering the brute force attack rules.

3. **Alternative Protocols**: If possible, consider using alternative protocols for the backup process that are less likely to trigger brute force attack detections. For example, using SFTP instead of SCP might help.

4. **Firewall Exceptions**: Work with your security team to create specific exceptions for the backup traffic between the voice servers and the RHEL9 server. This might involve creating specific rules that bypass the brute force detection for this traffic.

5. **Network Segmentation**: If feasible, consider placing the backup server in a network segment that has fewer restrictive firewall rules, or within the same zone as the voice servers to minimize firewall interference.

Solutions 4 and 5 will be our next approaches to fixing the backup issue with the firewalls.

As for solution 2, my assumption is that this output is likely AI generated. I can't find anything inside the CUCM settings for such a configuration.

Thanks Roger for your response and clarification!
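Added example, not from the original thread, Cisco TAC or any DRS code: a small Python check over constructed sshd log lines (the hostnames, usernames and addresses are placeholders) that separates a source producing many accepted logins, which is what a backup job opening many SSH sessions looks like to a firewall, from a source producing many failed logins. A rate rule that keys on failed authentications rather than raw connection counts is one way the security team can keep brute force detection while letting the backup through.

```python
"""Classify bursts of SSH activity per source host from sshd log lines.

Constructed example: separates a legitimate high-rate backup client (many
accepted logins, no failures) from a brute-force source (many failures).
"""
import re
from collections import defaultdict

# Constructed sample log lines (not from the original post); hosts, users
# and addresses are placeholders.
SAMPLE_LOG = """\
Mar 10 02:00:01 rhel9-backup sshd[4011]: Accepted publickey for drfuser from 10.0.1.10 port 50122 ssh2
Mar 10 02:00:01 rhel9-backup sshd[4015]: Accepted publickey for drfuser from 10.0.1.10 port 50123 ssh2
Mar 10 02:00:02 rhel9-backup sshd[4020]: Accepted publickey for drfuser from 10.0.1.10 port 50124 ssh2
Mar 10 02:00:02 rhel9-backup sshd[4022]: Accepted publickey for drfuser from 10.0.1.10 port 50125 ssh2
Mar 10 02:00:03 rhel9-backup sshd[4030]: Failed password for invalid user admin from 198.51.100.7 port 41000 ssh2
Mar 10 02:00:03 rhel9-backup sshd[4031]: Failed password for invalid user root from 198.51.100.7 port 41001 ssh2
Mar 10 02:00:04 rhel9-backup sshd[4032]: Failed password for invalid user test from 198.51.100.7 port 41002 ssh2
Mar 10 02:00:04 rhel9-backup sshd[4033]: Failed password for invalid user oracle from 198.51.100.7 port 41003 ssh2
"""

# Matches both "Accepted <method> for <user> from <ip> port" and
# "Failed <method> for [invalid user ]<user> from <ip> port".
LINE_RE = re.compile(
    r"sshd\[\d+\]: (Accepted|Failed) \S+ for (?:invalid user )?(\S+) from (\S+) port"
)


def summarize(log_text):
    """Return {source_ip: {"accepted": n, "failed": n}} for each SSH peer."""
    stats = defaultdict(lambda: {"accepted": 0, "failed": 0})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an auth outcome line; ignore
        outcome, _user, src = m.groups()
        stats[src]["accepted" if outcome == "Accepted" else "failed"] += 1
    return dict(stats)


def classify(stats, threshold=3):
    """Label each source. A burst of failures is brute-force-like; a burst of
    accepted logins with few failures is a high-rate but legitimate client,
    e.g. a backup job that opens many short SSH/SFTP sessions."""
    labels = {}
    for src, c in stats.items():
        if c["failed"] >= threshold and c["failed"] > c["accepted"]:
            labels[src] = "brute-force-like"
        elif c["accepted"] >= threshold:
            labels[src] = "high-rate-legitimate"
        else:
            labels[src] = "normal"
    return labels
```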