Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
215
Views
0
Helpful
2
Replies

how can we secure Call manager with all these microsoft security breaches

jkoniecki
Level 1
Level 1

‎08-24-2002 07:59 PM - edited ‎03-12-2019 08:29 PM

http://www.cnn.com/2002/TECH/internet/08/23/microsoft.security.reut/index.html

SEATTLE, Washington (Reuters) -- Microsoft Corp. said Thursday that "critical" security lapses in its Office software and Internet Explorer Web browser put tens of millions of users at risk of having their files read and altered by online attackers

Any suggestions besides shuting down unnecessary services and IDS host sensor ?

Jim K

Labels:
0 Helpful
2 Replies 2

jmessina
Level 1
Level 1

‎08-25-2002 09:47 AM

suggestions? sure!

dont install Money 2002 on Call Manager!

seriously though these are obvioulsy important security issues but I dont see how they apply directly to CCM since office,money etc shouldnt be running on CCM anyway and in terms of IE holes, you shouldnt need to browse from CCM. How often did you browse the internet of create word doc's from your G3 before you went IP ?

0 Helpful

kenjohnson
Level 1
Level 1

‎08-25-2002 03:59 PM

Don't forget the most obvious answer - though one that admittedly is hard to remember when first approaching CM - there is usually NO NEED for non-telphony end user devices to have to be able to access the CM - this includes computers on your lan, and definitely not computers on the Internet.

Now there are exceptions - but there are ways around some of them.

By and large - set up ACLs on your cat switches so that NO DEVICES except for your IP Phones (which should be in their own subnets and AUX VLANs right?) and the gateways can even communicate with the call managers.

Then make exceptions for your administration stations - should be only a few.

Then you don't even have access granted to useable consoles - unless they find a way to break into your auxillary VLANS and fake being an IP phone...

SOme exceptions you'll have to look out for:

If you're using TAPI dialers you'll have to have at least one call manager reachable - don't make it your publisher - if necessary - make it do nothing but service TAPI clients - some vulnerability to intrusion there - but little vulnerability of your main CM system to DOS then...

Clients which want to access the CM webpages:

Set up apache as a proxy to a CM subscriber - grant access to the CM only to the secured Apache server...

Using these suggestions you can make it pretty difficult to suffer problems...

- Ken

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents