[cisco-voip] user access to ccmuser web pages

Anderson, Ian i.anderson at lancaster.ac.uk
Mon Oct 15 12:10:05 EDT 2007 

Hi 

 

We route all requests for ccmuser through a squid reverse proxy running
under linux...  Works fine and achieves what you are after

 

/Ian

 

From: cisco-voip-bounces at puck.nether.net
[mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Eric Pedersen
Sent: 28 September 2007 21:07
To: Wes Sisk
Cc: cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] user access to ccmuser web pages

 

Thanks Wes.  Filtering management IP address is standard security
practice on routers and switches, and is easy to implement.  Do you know
if there is a feature request for something similar in callmanager?

________________________________

From: Wes Sisk [mailto:wsisk at cisco.com] 
Sent: September 28, 2007 13:03
To: Eric Pedersen
Cc: cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] user access to ccmuser web pages

Eric,

Good clarification.  Nothing built into the product to allow this, but
sounds like a good use of a proxy server. AONS/firewall would not work
because it's https and encrypted on the wire.

/Wes

Eric Pedersen wrote: 

I wasn't clear enough.  We have a limited range of IP addresses that are
trusted for callmanager administration, and we have larger IP ranges
where our general user population reside.  I would like to filter what
networks can access ccmadmin, os admin, etc. so that the general user
population can't even get to the login screen.  Because ccmadmin and
ccmuser use the same tcp ports, and I haven't found any way to change
this, I cannot simply filter admin access with router ACLs.

 

Simple username and password authentication isn't a particularly secure
way to protect such a key piece of infrastructure ... you're just one
accidental password disclosure or web server bug away from a hacked
callmanager. 

 

________________________________

From: Wes Sisk [mailto:wsisk at cisco.com] 
Sent: September 28, 2007 12:14
To: Eric Pedersen
Cc: cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] user access to ccmuser web pages

check out the "Standard CCM End Users" group.

Eric Pedersen wrote: 

I'm using callmanager 5.1.  I want to enable general user access to the
callmanager ccmuser web pages.  I have not seen any way to allow this
without also giving access to ccmadmin/osadmin/etc. web pages, which I
don't want to do for obvious security reasons.  Is there a way to do
this?

 

Thanks,

Eric



________________________________



 
_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://puck.nether.net/pipermail/cisco-voip/attachments/20071015/d13933f8/attachment.html

More information about the cisco-voip mailing list