<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE></TITLE>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2900.3157" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY text=#000000 bgColor=#ffffff>
<DIV><FONT face=Arial size=2>With IIS, you can modify the IIS controls. You have
to be very careful of this though since you can break things quite
easily.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>The one other reason I wanted to do this was to
'hide' the corporate directory, which needs no userID/password at all. If you
had some unlisted numbers, users could easily find them.</FONT></DIV>
<DIV> </DIV>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
<A title=eric.pedersen@sait.ca href="mailto:eric.pedersen@sait.ca">Eric
Pedersen</A> </DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A title=wsisk@cisco.com
href="mailto:wsisk@cisco.com">Wes Sisk</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Cc:</B> <A title=cisco-voip@puck.nether.net
href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Friday, September 28, 2007 2:31
PM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> Re: [cisco-voip] user access to
ccmuser web pages</DIV>
<DIV><BR></DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=491191618-28092007>I wasn't clear enough. We have a
limited range of IP addresses that are trusted for callmanager
administration, and we have larger IP ranges where our general user population
reside. I would like to filter what networks can access ccmadmin, os
admin, etc. so that the general user population can't even get to the login
screen. Because ccmadmin and ccmuser use the same tcp ports, and I
haven't found any way to change this, I cannot simply filter admin access with
router ACLs.</SPAN></FONT></DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=491191618-28092007></SPAN></FONT> </DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=491191618-28092007>Simple username and password authentication isn't a
particularly secure way to protect such a key piece of infrastructure ...
you're just one accidental password disclosure or web server bug away from a
hacked callmanager. </SPAN></FONT></DIV><BR>
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> Wes Sisk [mailto:wsisk@cisco.com]
<BR><B>Sent:</B> September 28, 2007 12:14<BR><B>To:</B> Eric
Pedersen<BR><B>Cc:</B> cisco-voip@puck.nether.net<BR><B>Subject:</B> Re:
[cisco-voip] user access to ccmuser web pages<BR></FONT><BR></DIV>
<DIV></DIV>check out the "Standard CCM End Users" group.<BR><BR>Eric Pedersen
wrote:
<BLOCKQUOTE
cite=mid:A58F94A553BA4742821241C8F3E76C9F04494A00@EX2.ACDM.DS.SAIT.CA
type="cite">
<META content="MSHTML 6.00.2900.3157" name=GENERATOR>
<DIV><SPAN class=933023516-28092007><FONT face=Arial size=2>I'm using
callmanager 5.1. I want to enable general user access to the
callmanager ccmuser web pages. I have not seen any way to allow this
without also giving access to ccmadmin/osadmin/etc. web pages, which I
don't want to do for obvious security reasons. Is there a way to do
this?</FONT></SPAN></DIV>
<DIV><SPAN class=933023516-28092007></SPAN> </DIV>
<DIV><SPAN class=933023516-28092007><FONT face=Arial
size=2>Thanks,</FONT></SPAN></DIV>
<DIV><SPAN class=933023516-28092007><FONT face=Arial
size=2>Eric</FONT></SPAN></DIV><PRE wrap=""><HR width="90%" SIZE=4>
_______________________________________________
cisco-voip mailing list
<A class=moz-txt-link-abbreviated href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</A>
<A class=moz-txt-link-freetext href="https://puck.nether.net/mailman/listinfo/cisco-voip">https://puck.nether.net/mailman/listinfo/cisco-voip</A></PRE></BLOCKQUOTE>
<P>
<HR>
<P></P>_______________________________________________<BR>cisco-voip mailing
list<BR>cisco-voip@puck.nether.net<BR>https://puck.nether.net/mailman/listinfo/cisco-voip</BLOCKQUOTE></BODY></HTML>