[cisco-voip] CCMuser pages or not? (CUCM v7)

Scott Voll svoll.voip at gmail.com
Fri Feb 25 10:06:34 EST 2011 

So is it pretty easy to crack a user / password on CM?

I'm thinking we have created non-standard user accounts for both platform
and application.  then you have to crack the password on top of that.  So
I'm just thinking...... IF they find the admin page  and IF they find the
user account....... THEN how long would it take to crack the password?
 If authentication fails twice...... I get an email.

I could very easily also put a Log'd ACL on port 443 for the CM and if I did
get an email about a failed attempt, I would look at the log, and go find
the person.

Scott

On Fri, Feb 25, 2011 at 5:56 AM, Lelio Fulgenzi <lelio at uoguelph.ca> wrote:

> I'm just wondering what others are doing to deliver CCMuser pages and/or
> equivalent while protecting the CCMadmin pages.
>
> As far as I know, you can not change the port on which CCMadmin pages are
> served. This means someone who can reach the CCMuser pages can also reach
> the CCMadmin pages.
>
> In this world of people writing passwords on post-it notes, weak passwords,
> shared passwords, workstations without proper protection, etc., thus worries
> me. Our environment here can be considered a bit 'hostile' since we're not
> using NAC on our wired ports and all ports are pretty much open. I'm not
> sure even VPN would help, since the same passwords are used, so a stollen
> password would get them through that.
>
> In the past we have used a reverse proxy which has worked well, but I'm
> finding it difficult to find support to get that working again. I'm also not
> sure if that is directional.
>
> What have others done to protect CCMadmin pages? Or have they simply
> implemented things using AXL?
>
> Anybody seen any packaged AXL solutions that can deliver what CCMuser pages
> can deliver?
>
> Sent from my iPhone
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20110225/4a69a30c/attachment.html>

More information about the cisco-voip mailing list