[cisco-voip] CCMuser pages or not? (CUCM v7)

Lelio Fulgenzi lelio at uoguelph.ca
Fri Feb 25 08:56:54 EST 2011


I'm just wondering what others are doing to deliver CCMuser pages and/or equivalent while protecting the CCMadmin pages. 

As far as I know, you can not change the port on which CCMadmin pages are served. This means someone who can reach the CCMuser pages can also reach the CCMadmin pages. 

In this world of people writing passwords on post-it notes, weak passwords, shared passwords, workstations without proper protection, etc., thus worries me. Our environment here can be considered a bit 'hostile' since we're not using NAC on our wired ports and all ports are pretty much open. I'm not sure even VPN would help, since the same passwords are used, so a stollen password would get them through that. 

In the past we have used a reverse proxy which has worked well, but I'm finding it difficult to find support to get that working again. I'm also not sure if that is directional. 

What have others done to protect CCMadmin pages? Or have they simply implemented things using AXL?

Anybody seen any packaged AXL solutions that can deliver what CCMuser pages can deliver?

Sent from my iPhone



More information about the cisco-voip mailing list