[cisco-voip] user access to ccmuser web pages
Eric Pedersen
eric.pedersen at sait.ca
Fri Sep 28 16:07:12 EDT 2007
Thanks Wes. Filtering management IP address is standard security
practice on routers and switches, and is easy to implement. Do you know
if there is a feature request for something similar in callmanager?
________________________________
From: Wes Sisk [mailto:wsisk at cisco.com]
Sent: September 28, 2007 13:03
To: Eric Pedersen
Cc: cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] user access to ccmuser web pages
Eric,
Good clarification. Nothing built into the product to allow this, but
sounds like a good use of a proxy server. AONS/firewall would not work
because it's https and encrypted on the wire.
/Wes
Eric Pedersen wrote:
I wasn't clear enough. We have a limited range of IP addresses
that are trusted for callmanager administration, and we have larger IP
ranges where our general user population reside. I would like to filter
what networks can access ccmadmin, os admin, etc. so that the general
user population can't even get to the login screen. Because ccmadmin
and ccmuser use the same tcp ports, and I haven't found any way to
change this, I cannot simply filter admin access with router ACLs.
Simple username and password authentication isn't a particularly
secure way to protect such a key piece of infrastructure ... you're just
one accidental password disclosure or web server bug away from a hacked
callmanager.
________________________________
From: Wes Sisk [mailto:wsisk at cisco.com]
Sent: September 28, 2007 12:14
To: Eric Pedersen
Cc: cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] user access to ccmuser web pages
check out the "Standard CCM End Users" group.
Eric Pedersen wrote:
I'm using callmanager 5.1. I want to enable general
user access to the callmanager ccmuser web pages. I have not seen any
way to allow this without also giving access to ccmadmin/osadmin/etc.
web pages, which I don't want to do for obvious security reasons. Is
there a way to do this?
Thanks,
Eric
________________________________
_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://puck.nether.net/pipermail/cisco-voip/attachments/20070928/5a700cd3/attachment.html
More information about the cisco-voip
mailing list