Expressway Security Question

tyler-durden · ‎12-28-2019

How does Expressway validate that it's Cisco Jabber which is trying to register to CUCM and not a hacker pretending to be Jabber?

nanosynth · ‎12-28-2019

I believe it has to do with all the extensive, meticulous and painful certificate work you have to do before even starting up the jabber.

tyler-durden · ‎12-30-2019

My understanding is all the cert work is to make sure that Jabber is connecting to the server it's expected to connect to i.e. client security. I couldn't figure out any mechanism for server security

nanosynth · ‎12-30-2019

Server security regarding what type of suspected breach? I will tell you one thing that is my number 1 biggest problem with this entire Expressway setup regarding someone thinking they can crack into it one way or another. It is with port SIP 5060, if you have it open, and I do because of inbound regular URI calls from the internet that are not registered secure users of the Expressway. It is all these people running SIP scanners like 'Sipvicious' or any other type nuisance scanner that wants to worm its way into port 5060 looking for free phone calls. They just hammer your system. Not one has gone through the Expressway E to the C yet on my system because of the CPL lists I built but it has certainly piqued my interest in IPS devices. Got me an ASA5510 with the SSM-10 module doing deep packet inspection at the SDP level to identify and drop these nuisance packets/people.