CME open to the public Internet

Unanswered Question
May 23rd, 2008
User Badges:

If I were to open the ports needed for a skinny protocol phone to connect to the CME how can I prevent unauthorized phones from logging in and being assigned an extension? I am not worried about encrypting the data but would like to have some type of authentication involved.


Thanks,

Diego

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
paolo bevilacqua Fri, 05/23/2008 - 07:24
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member

Actually only phones with a MAC address configured in the system will be given an extension.


Hope this helps, please rate post if it does!

DIEGO ALONSO Fri, 05/23/2008 - 07:37
User Badges:

Not necessarily our system has autodiscovered all phones connected the the local LAN. I am guessing via CDP or something. My hope is that whatever technique is used to autoconfigure local LAN phones is not available via WAN.


Diego

paolo bevilacqua Fri, 05/23/2008 - 08:16
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member

The phone may autoregister is so configured under telephony-service, however an unknow mac will have no DN assigned and cannot call out neither receive calls.

paolo bevilacqua Fri, 05/23/2008 - 09:24
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member

Ah, forgot to mention, by default SIP is open and that is a BIG risk, you need an ACL blocking incoming udp/tcp port 5060 on the internet interface.

Actions

This Discussion