[cisco-voip] Preventing Web Access to 79xx
Ed Leatherman
ealeatherman at gmail.com
Tue Nov 3 10:55:54 EST 2009
Depending on the particular security requirements, he should still
consider disabling the web access in addition to ACLs etc.
I've had end users unplug phones, and move them to another office that
had jack with only data vlan on it. Now the phone gets a public IP
address that is potentially reachable from the anywhere. you can surf
to it and get the IP addresses of all your call manager servers, tftp
server, etc. Granted, these servers are hopefully on private IP space
- but its more information than you probably want to provide to
someone scanning port 80. Just depends on how strict your security
concerns are, or how paranoid you are I guess :)
On Tue, Nov 3, 2009 at 10:56 AM, Lelio Fulgenzi <lelio at uoguelph.ca> wrote:
> Personally speaking, I would investigate using ACLs to limit access to the
> phones web browser/server. There are many services (some Cisco, some third
> party) that use the web server to do stuff, like post messages, etc.
>
> Granted, it's a little more involved, and you need to have separate voice
> and data VLANs, but it's a better long term approach. IMHO.
>
> ---
> Lelio Fulgenzi, B.A.
> Senior Analyst (CCS) * University of Guelph * Guelph, Ontario N1G 2W1
> (519) 824-4120 x56354 (519) 767-1060 FAX (JNHN)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> "Bad grammar makes me [sic]" - Tshirt
>
--
Ed Leatherman
More information about the cisco-voip
mailing list