<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"Book Antiqua";
panose-1:2 4 6 2 5 3 5 3 3 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Book Antiqua";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:Arial;
color:windowtext;}
@page Section1
{size:21.0cm 842.0pt;
margin:72.0pt 89.85pt 72.0pt 89.85pt;}
div.Section1
{page:Section1;}
-->
</style>
</head>
<body lang=EN-AU link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Hi all, <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>I’m thinking to implement Phone-proxy but I have some
concerns about overall security of this solution. <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>As I understand, phone downloads its configuration in clear
text. Can this information be used for unauthorised access? <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Is it possible to spoof Phone’s request and send
request with different MAC address? I know that ASA checks phone’s MIC
file and authenticates phone based on it, but what about CUPC? <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>For Extension Mobility feature to work, I have to open port
8080 on Publisher for all hosts coming from Internet. I think it’s really
a huge hole in the firewall. Taking into consideration that EM request is just
normal HTTP request, it’s very easy to get user credentials and run
attack on Call Manager to trigger all phones to log off. What’s the way
to protect this port from such attacks? <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font face=Verdana><span style='font-family:Verdana'><o:p> </o:p></span></font></p>
</div>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-GB
style="FONT-SIZE: 8pt; mso-bidi-font-family: Arial; mso-ansi-language: EN-GB"><FONT
face=Verdana><SPAN
style="FONT-WEIGHT: bold; FONT-SIZE: 9pt; FONT-FAMILY: Arial">Please consider
our environment before printing this email</SPAN></FONT></SPAN></P>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-GB
style="FONT-SIZE: 8pt; mso-bidi-font-family: Arial; mso-ansi-language: EN-GB"><FONT
face=Verdana></FONT></SPAN> </P>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-GB
style="FONT-SIZE: 8pt; mso-bidi-font-family: Arial; mso-ansi-language: EN-GB"><FONT
face=Verdana>Please note that Goldman Sachs JBWere makes important disclosures
of its interests at </FONT><SPAN style="COLOR: #3366ff"><A
href="http://www.gsjbw.com/Disclosures"><SPAN
style="COLOR: #3366ff; FONT-FAMILY: Arial; mso-fareast-font-family: SimSun; mso-ansi-font-size: 8.0pt">http://www.gsjbw.com/Disclosures</SPAN></A></SPAN><FONT
face=Verdana>.<SPAN style="mso-spacerun: yes"> </SPAN>If you do not wish
to receive future communications of this nature, you can unsubscribe by going to
</FONT><A href="http://www.gsjbw.com/?p=Unsubscribe&S=%7bSender%7d"><SPAN
style="mso-ansi-font-size: 8.0pt"><FONT
face=Verdana>http://www.gsjbw.com/?p=Unsubscribe&S=Anatoly.Gavrilov@gsjbw.com</FONT></SPAN></A><FONT
face=Verdana>.<SPAN style="mso-spacerun: yes"> </SPAN>If you require any
further information regarding our SPAM policy, please email
spam-officer@gsjbw.com.<SPAN style="mso-spacerun: yes">
</SPAN></FONT></SPAN><SPAN lang=EN-US
style="FONT-SIZE: 8pt; mso-bidi-font-family: Arial; mso-ansi-language: EN-US"><FONT
face=Verdana>This communication and its attachments are also subject to
copyright.<O:P></O:P></FONT></SPAN></P>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-GB
style="FONT-SIZE: 8pt; mso-bidi-font-family: Arial; mso-ansi-language: EN-GB"><O:P><FONT
face=Verdana></FONT></O:P></SPAN></P>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><FONT face=Verdana><SPAN
lang=EN-US
style="FONT-SIZE: 8pt; mso-bidi-font-family: Arial; mso-ansi-language: EN-US">NOTICE
TO RECIPIENTS: The information contained in and accompanying this communication
may be confidential, subject to legal privilege, or otherwise protected from
disclosure, and is intended solely for the use of the intended recipient(s). If
you are not the intended recipient of this communication, please delete and
destroy all copies in your possession, notify the sender that you have received
this communication in error, and note that any review or dissemination of, or
the taking of any action in reliance on, this communication is expressly
prohibited. E-mail messages may contain computer viruses or other defects, may
not be accurately replicated on other systems, or may be intercepted, deleted or
interfered with without the knowledge of the sender or the intended
recipient. To the extent permitted by law Goldman Sachs JBWere makes no
warranties, and expressly disclaims any liability, in relation to the contents
of this message. </SPAN><SPAN lang=EN-US
style="FONT-SIZE: 8pt; mso-bidi-font-family: Arial; mso-ansi-language: EN-US; mso-fareast-language: EN-AU">Goldman
Sachs JBWere reserves the right to intercept and monitor the content of e-mail
messages to and from its systems.<O:P></O:P></SPAN></FONT></P>
<P> </P>
</body>
</html>