[cisco-voip] CCMuser pages or not? (CUCM v7)

Lelio Fulgenzi lelio at uoguelph.ca
Fri Feb 25 10:20:03 EST 2011 

A hacking attempt is one thing, using a password they obtained from a keyboard logger or a post-it or a shared password that hasn't been changed is another. Even so, we have over 15,000 ports on campus so finding them wouldn't be easy. 

Sent from my iPhone

On Feb 25, 2011, at 10:16 AM, Scott Voll <svoll.voip at gmail.com> wrote:

> So is it pretty easy to crack a user / password on CM?
> 
> I'm thinking we have created non-standard user accounts for both platform and application.  then you have to crack the password on top of that.  So I'm just thinking...... IF they find the admin page  and IF they find the user account....... THEN how long would it take to crack the password?  If authentication fails twice...... I get an email.
> 
> I could very easily also put a Log'd ACL on port 443 for the CM and if I did get an email about a failed attempt, I would look at the log, and go find the person.
> 
> Scott
> 
> On Fri, Feb 25, 2011 at 5:56 AM, Lelio Fulgenzi <lelio at uoguelph.ca> wrote:
> I'm just wondering what others are doing to deliver CCMuser pages and/or equivalent while protecting the CCMadmin pages.
> 
> As far as I know, you can not change the port on which CCMadmin pages are served. This means someone who can reach the CCMuser pages can also reach the CCMadmin pages.
> 
> In this world of people writing passwords on post-it notes, weak passwords, shared passwords, workstations without proper protection, etc., thus worries me. Our environment here can be considered a bit 'hostile' since we're not using NAC on our wired ports and all ports are pretty much open. I'm not sure even VPN would help, since the same passwords are used, so a stollen password would get them through that.
> 
> In the past we have used a reverse proxy which has worked well, but I'm finding it difficult to find support to get that working again. I'm also not sure if that is directional.
> 
> What have others done to protect CCMadmin pages? Or have they simply implemented things using AXL?
> 
> Anybody seen any packaged AXL solutions that can deliver what CCMuser pages can deliver?
> 
> Sent from my iPhone
> 
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20110225/fa1f5f45/attachment.html>

More information about the cisco-voip mailing list