[cisco-voip] CUCM6 linux distro
Philip Walenta
pwalenta at wi.rr.com
Thu Aug 28 10:06:54 EDT 2008
Well physical security would normally be assumed by the person running the
data center.
I accept no responsibility for improperly physically secured systems ;-)
_____
From: Mark J [mailto:markju at gmail.com]
Sent: Thursday, August 28, 2008 8:10 AM
To: Philip Walenta
Cc: cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] CUCM6 linux distro
Secure unless you have physical access to the device and you're able to make
your own root user account on the device...
2008/8/28 Philip Walenta <pwalenta at wi.rr.com>
The RHEL3 that Cisco uses is hardened. They also run CSA (Cisco security
agent) on the appliance. It's a very tough box to crack. I believe the
only things found to date have been various buffer/stack overflows when
targeting specific fields in SIP and SCCP.
In short it is a pretty darn secure system.
-----Original Message-----
From: cisco-voip-bounces at puck.nether.net
[mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of
A.L.M.Buxey at lboro.ac.uk
Sent: Thursday, August 28, 2008 3:36 AM
To: Voice Noob
Cc: cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] CUCM6 linux distro
Hi,
> Database is informix. Distro is RHEL.
> Why does it matter what they are. It is an appliance and the give you
> the tools t
security would be the obvious answer. is the distro and packages up to date
- what services does it run, are they listening on any ports, is there a
firewall used to protect listening ports or are services carefully
configured to negate this.
are default or known username/passwords on the system..hardcoded
dbadmin/dbpass, for example. in 'ye olde days' when an applicance was coded
for its purpose..didnt matter as much. now, when appliances are based on
Linux, Windows (or OSX!) these things are of a major concern...you have a
fully operational system that, if compromised would/could give enhanced
access to the network and other systems..
but also then be subverted for free trunk calls to south asia or greenland
etc.
alan
_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20080828/fcfa1f16/attachment.html>
More information about the cisco-voip
mailing list