ATA Security

[Planetmaker]

Hi,

I have found that (anyone) browsing to the IP address of an ATA brings up a config page from which you can change the device's address thus compromising the network! You don't even need to enter the a password! There is an option to enter a password and so lock it down but how do I apply this globally to all ATA's? We have about 180!

Also is there anyway we can change the duplex on an ATA? We have some mismatches going on on the network.

Thanks in advance.

 

[ADB100]

To sucessfully deploy ATA 18x's you should initially build the 'atadefault.cfg' file where you can set two passwords - one for the GUI and one for the TFTP provisioning file.

http://www.cisco.com/en/US/docs/voi...glish/administration/guide/sccp/sccpach3.html

http://www.cisco.com/en/US/products/hw/gatecont/ps514/products_qanda_item09186a00800946e1.shtml

http://www.cisco.com/en/US/products...s_configuration_example09186a00800c3a50.shtml

Once you have created the initial text file it must be converted to binary and placed in the root of the TFTP server. You can also create unique files for each ATA 18x's. I assume you have these in a CallManager environment so you will only need the single 'atadefault.cfg' file. I would advise against encrypring the TFTP file as you can get yourself in a chicken-and-egg situation...

Andy

 

[Planetmaker]

Thanks Andy, I take it it's okay to retrofit this file?

 

[ADB100]

I take it it's okay to retrofit this file?

I am not sure, it's not something I have ever tested. It might be worth creating the file and testing with an ATA that's not too important.

Andy