Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

CUBE Security Assistance ...?

Hello Experts,

                     We are running our head office on CUBE with 100session sip calls with UCM environment..Recently discovered that there is no security at sip provider side and hackers are hitting lot of traffic on CUBE interface so I was wondering what is the best practice security configuration to prevent rest of traffic on interface other than SIP traffic.

Any sugguestions and sample configuration will be great help and appricatiated please.

We tested by telnet public IP and ports and it is quite very open though.

CUBE is not behind firewall.10Meg Internet straight from provider to CUBE.

Device details:

Model:Cisco CISCO3925

code:c3900-universalk9-mz.SPA.152-4.M1.bin

Interface:

interface GigabitEthernet0/2

description *** SIP Interface To Provider ***

ip address 2XX.XXX.XX.XX 255.255.255.XXX PUBLIC IP

ip flow ingress

ip flow egress

standby delay minimum 30 reload 60

standby version 2

standby 1 ip 2XX.XXX.XX.XX

standby 1 timers 2 6

standby 1 priority 50

standby 1 preempt

standby 1 track 1 decrement 10

ip traffic-export apply TAC size 5000000

duplex auto

speed auto

We have no access list configured.

Thank you.

1 REPLY

CUBE Security Assistance ...?

You should atleast have configured an ACL, to allow traffic to the SIP provider and deny all other traffic. Eventually you will need to find out what ports to allow and disallow to the SIP provider.

http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml

HTH

Regards,

Yosh

HTH Regards, Yosh
95
Views
0
Helpful
1
Replies
CreatePlease to create content