Best Security Practices

[mikbai]

Probably a simple request.

We're running a SX 200 ICP system, and I was wondering if anyone had a 'Best Practice' type of checklist for securing your PBX controller.

Thanks
Mike

 

[paterson]

There are 5 different levels of programming/administration access.

Installer - top
Maint1 - lower
Maint2 - lower
Supervisor - lower
Attendant - lowest

All the programming forms are adjustable for ReadWrite/ReadOnly/NoAccess per access. I would suggest changing the password for the top 3 accesses so they are not default. There are some reasons for this that are evident when accessing the maintenance side of the programming. For Mitel security, I will not relate what those reasons are on a public site.

I like having the top 2 reserved for technicians and giving the 3rd level to customers.

_______________________________________________________________

If you did not take enough time to get it right the first time...

What makes you think that you have time to fix it?

 

[JimHilton]

To add, also be sure the controller cannot be access from outside the lan unless you specifically need it.

In the latter situation, I recommend that you either use a vhost setup or use telnet-ssl (and change the outside port to something obscure) if you can employ NAT. EG: 22022 -> 2002 etc.

Also change the administrator and manager voice mail codes. (Form 50 mbox 999). Any person able to hit a mailbox from the outside can muck with these accounts.

I prefer to zero the Maint2, supervisor and attendant logins (or make them complex passwords and stash them somewhere).

Jim