<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2900.3157" name=GENERATOR></HEAD>
<BODY>
<DIV dir=ltr align=left><SPAN class=838040614-28082008><FONT face=Arial
color=#0000ff size=2>Well physical security would normally be assumed by the
person running the data center.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=838040614-28082008><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=838040614-28082008><FONT face=Arial
color=#0000ff size=2>I accept no responsibility for improperly physically
secured systems ;-)</FONT></SPAN></DIV><BR>
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> Mark J [mailto:markju@gmail.com]
<BR><B>Sent:</B> Thursday, August 28, 2008 8:10 AM<BR><B>To:</B> Philip
Walenta<BR><B>Cc:</B> cisco-voip@puck.nether.net<BR><B>Subject:</B> Re:
[cisco-voip] CUCM6 linux distro<BR></FONT><BR></DIV>
<DIV></DIV>
<DIV dir=ltr>Secure unless you have physical access to the device and you're
able to make your own root user account on the device...<BR><BR><BR><BR>
<DIV class=gmail_quote>2008/8/28 Philip Walenta <SPAN dir=ltr><<A
href="mailto:pwalenta@wi.rr.com">pwalenta@wi.rr.com</A>></SPAN><BR>
<BLOCKQUOTE class=gmail_quote
style="PADDING-LEFT: 1ex; MARGIN: 0pt 0pt 0pt 0.8ex; BORDER-LEFT: rgb(204,204,204) 1px solid">The
RHEL3 that Cisco uses is hardened. They also run CSA (Cisco
security<BR>agent) on the appliance. It's a very tough box to crack.
I believe the<BR>only things found to date have been various
buffer/stack overflows when<BR>targeting specific fields in SIP and
SCCP.<BR><BR>In short it is a pretty darn secure system.<BR>
<DIV>
<DIV></DIV>
<DIV class=Wj3C7c><BR>-----Original Message-----<BR>From: <A
href="mailto:cisco-voip-bounces@puck.nether.net">cisco-voip-bounces@puck.nether.net</A><BR>[mailto:<A
href="mailto:cisco-voip-bounces@puck.nether.net">cisco-voip-bounces@puck.nether.net</A>]
On Behalf Of<BR><A
href="mailto:A.L.M.Buxey@lboro.ac.uk">A.L.M.Buxey@lboro.ac.uk</A><BR>Sent:
Thursday, August 28, 2008 3:36 AM<BR>To: Voice Noob<BR>Cc: <A
href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</A><BR>Subject:
Re: [cisco-voip] CUCM6 linux distro<BR><BR>Hi,<BR>> Database is informix.
Distro is RHEL.<BR>> Why does it matter what they are. It is an appliance
and the give you<BR>> the tools t<BR><BR>security would be the obvious
answer. is the distro and packages up to date<BR>- what services does it
run, are they listening on any ports, is there a<BR>firewall used to protect
listening ports or are services carefully<BR>configured to negate this.<BR>are
default or known username/passwords on the
system..hardcoded<BR>dbadmin/dbpass, for example. in 'ye olde days' when
an applicance was coded<BR>for its purpose..didnt matter as much. now, when
appliances are based on<BR>Linux, Windows (or OSX!) these things are of a
major concern...you have a<BR>fully operational system that, if compromised
would/could give enhanced<BR>access to the network and other systems..<BR>but
also then be subverted for free trunk calls to south asia or
greenland<BR>etc.<BR><BR>alan<BR>_______________________________________________<BR>cisco-voip
mailing list<BR><A
href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</A><BR><A
href="https://puck.nether.net/mailman/listinfo/cisco-voip"
target=_blank>https://puck.nether.net/mailman/listinfo/cisco-voip</A><BR><BR>_______________________________________________<BR>cisco-voip
mailing list<BR><A
href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</A><BR><A
href="https://puck.nether.net/mailman/listinfo/cisco-voip"
target=_blank>https://puck.nether.net/mailman/listinfo/cisco-voip</A><BR></DIV></DIV></BLOCKQUOTE></DIV><BR></DIV></BODY></HTML>