[cisco-voip] IM&P - Jabber for Everyone, MRA and private/public IP addressing

Anthony Holloway avholloway+cisco-voip at gmail.com
Mon Jul 27 13:06:37 EDT 2015


I just want to raise a point for us voice people, who do not typically live
in the security world, but a compromised Expressway-E with one leg in the
Internal swimming pool could compromise your entire internal network.  The
dual interface option would be best deployed with two DMZs on the firewall
to retain control of the traffic which egresses the Expressway-E towards
the inside.

Something like DMZ1 and DMZ2, or simply DMZ (existing DMZ at customer site)
and CollabEdge (new DMZ name for Expressway-E).

Don't ask me how this compromise could happen, as I'm not a hacker, but I
would think anyone with a black hat night hobby could explain buffer
overruns and gaining the ability to run commands on the remote system as
root.

On Mon, Jul 27, 2015 at 9:13 AM Matthew Loraditch <
MLoraditch at heliontechnologies.com> wrote:

>  Inline
>
> Feel free to ask me more. I haven’t done it at your scale, but I have the
> entire expressway feature set deployed.
>
>
>
> Matthew G. Loraditch – CCNP-Voice, CCNA-R&S, CCDA
> Network Engineer
> Direct Voice: 443.541.1518
>
> *From:* cisco-voip [mailto:cisco-voip-bounces at puck.nether.net] *On Behalf
> Of *Lelio Fulgenzi
> *Sent:* Monday, July 27, 2015 9:55 AM
> *To:* cisco-voip at puck.nether.net
> *Subject:* [cisco-voip] IM&P - Jabber for Everyone, MRA and
> private/public IP addressing
>
>
> Just curious what people's thoughts are about Jabber for Everyone, MRA
> (via expressway) and private/public IP addressing of the presence servers.
> I've tried to find some documents that explain things, even in summary
> format, but with no luck.
>
>
>
> My (random) concerns:
>
>
>
> - does expressway support third party xmpp clients? No
>
> - does expressway support jabber for everyone? (IM&P only) Yes
>
> - does expressway scale to the possibly 25,000 IM users I might have? No,
> See here:
> http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/srnd/collab10/collab10/sizing.html#pgfId-1284691
>
> I would doubt you’d ever have all 25k users off site though… expressway is
> only for remote users
>
> - expressway does not support all the on premise features, like file
> transfer -
> http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/release_note/Cisco-Expressway-Release-Note-X8-5-1.pdf
>
> Scroll to page 7 bottom
>
> - do i use private or public IP addresses? Your expressway-e(s) is/are
> the only server(s) that gets exposed to the internet and even then you can
> NAT it and use 2 interfaces, one internal and one DMZ
> - no real details on how to deploy presence server on public IP but still
> use expressway for UC – You don’t put a Presence server on a public ip.
> All External (MRA/XMPP/B2B) is via Expressway if you have it.
>
>
>
> Any ideas or pointers would help... Thanks!
>
>
>
> Lelio
>
> ---
> Lelio Fulgenzi, B.A.
> Senior Analyst, Network Infrastructure
> Computing and Communications Services (CCS)
> University of Guelph
>
>
>
> 519‐824‐4120 Ext 56354
> lelio at uoguelph.ca
> www.uoguelph.ca/ccs
> Room 037, Animal Science and Nutrition Building
> Guelph, Ontario, N1G 2W1
>