<html><head><style type='text/css'>p { margin: 0; }</style></head><body><div style='font-family: Verdana; font-size: 10pt; color: #000000'>Interesting angle. <br><br>---<br>Lelio Fulgenzi, B.A.<br>Senior Analyst (CCS) * University of Guelph * Guelph, Ontario N1G 2W1<br>(519) 824-4120 x56354 (519) 767-1060 FAX (JNHN)<br>^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^<br>"Bad grammar makes me [sic]" - Tshirt<br><br><br>----- Original Message -----<br>From: "Ed Leatherman" <ealeatherman@gmail.com><br>To: "Lelio Fulgenzi" <lelio@uoguelph.ca><br>Cc: cisco-voip@puck.nether.net<br>Sent: Tuesday, November 3, 2009 10:55:54 AM GMT -05:00 US/Canada Eastern<br>Subject: Re: [cisco-voip] Preventing Web Access to 79xx<br><br>Depending on the particular security requirements, he should still<br>consider disabling the web access in addition to ACLs etc.<br>I've had end users unplug phones, and move them to another office that<br>had jack with only data vlan on it. Now the phone gets a public IP<br>address that is potentially reachable from the anywhere. you can surf<br>to it and get the IP addresses of all your call manager servers, tftp<br>server, etc. Granted, these servers are hopefully on private IP space<br>- but its more information than you probably want to provide to<br>someone scanning port 80. Just depends on how strict your security<br>concerns are, or how paranoid you are I guess :)<br><br>On Tue, Nov 3, 2009 at 10:56 AM, Lelio Fulgenzi <lelio@uoguelph.ca> wrote:<br>> Personally speaking, I would investigate using ACLs to limit access to the<br>> phones web browser/server. There are many services (some Cisco, some third<br>> party) that use the web server to do stuff, like post messages, etc.<br>><br>> Granted, it's a little more involved, and you need to have separate voice<br>> and data VLANs, but it's a better long term approach. IMHO.<br>><br>> ---<br>> Lelio Fulgenzi, B.A.<br>> Senior Analyst (CCS) * University of Guelph * Guelph, Ontario N1G 2W1<br>> (519) 824-4120 x56354 (519) 767-1060 FAX (JNHN)<br>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^<br>> "Bad grammar makes me [sic]" - Tshirt<br>><br><br><br>-- <br>Ed Leatherman<br></div></body></html>