Dear all gurus,
On one of my customer Cisco IPT engagement, I have been asked the following security questions on Cisco CallManager 7.x, Cisco Unity Connection 7.x, Cisco IP Contact Center Express 7.x and I would greatly appreciated if someone can shed some light on this.
Briefly describe all features and mechanisms that are available to prevent hacking of the VoIP/PBX system. Especially describe the security mechanisms in place to monitor and control any of the Cisco IPT components that interfaces to TCP/IP networks.
State the total number of passwords available in the Cisco IPT components:
• What is the total number of digits allowed in each password’s field?
• Describe each passwords hierarchical relationship.
• Describe the functionality of each of these passwords.
• Which passwords are available as part of the system’s standard package to the customer/system administrator?
• Which other, if any, passwords can be made available to the customer/system administrator?
• Can the customer/system administrator define customer passwords by functionality? Explain.
• Is the Cisco IPT servers equipped with the ability to track log-in attempts? Describe.
• Can the Cisco IPT infrastructure automatically shut down the remote access and/or local access port in the event of failed or incorrect log-in attempts?
• Explain how this is accomplished, the parameters used to establish any system thresholds used in conjunction with this feature or similar feature, any system notification capabilities etc.
Would appreciated your help on this =)