Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

SIP GW Compromised

Hi, I have been asked to look into a customer issue where his SIP GW is compromised, people from the internet make calls through the SIP GW which is then routed via the PSTN. I know that I can implement some security measure by configuring ACLs and only allowing the SIP PROXY address to be allowed through but what other security measures are needed?

Thanks

2 REPLIES
Green

Re: SIP GW Compromised

Its important to deploy Firewalls to allow only specific Internet hosts to reach our devices

Apply latest updates meaning running recent IOS version

Monitor SIP GW with CDR for tracking calls

Please take a look at this:

http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080b20ee9.html

New Member

Re: SIP GW Compromised

Hi, After checking their network it's obvious they don't have any security policy implemented, they use 2801 ISR doing everything from routing to security and VOIP for them but they have no security rules configured. I simply applied some ACLS blocking connectivity to SIP and H323 from the net.

196
Views
0
Helpful
2
Replies
CreatePlease login to create content