
Ip Office Security / Hacking 3

Status
Not open for further replies.

torilee

IS-IT--Management
Feb 26, 2019
1
US
thread940-1723056

Hello,

We are using Avaya IP Manager Version 10.1 (73). Recently, we received a call from our provider stating that they have disabled our international calls because someone has been making hundreds of calls. None of these calls were made by anyone in our company.
I see that this has happened before to some users. (I realized this was years ago but it is still happening)

Is it best practice to put an additional firewall in front of our IP office?
Does anyone have any advice?

- Tori
 
Are you saying you connected the IPO straight to the internet?

Like I can connect to it from my home using the public IP address?

If so, remove it NOW!!!
 
torilee said:
Is it best practice to put an additional firewall in front of our IP office?

Absolutely
As Okie says, the IPO should not be visible on the Internet to anyone except those that absolutely need it (some SIP providers, but not all).
If your IPO has been installed without this basic protection then I suggest you change installer/maintainer and find a competent one as soon as possible.



Do things on the cheap & it will cost you dear
 
Change the passwords you use for access and disable all others not used in the security settings. As asked how do the maintainers access the IP Office? You should not use port forwarding for access, only a VPN or PC onsite with access. Also if you have a SIP provider that is using port forwarding for SIP trunks lock down the IP Office to only their addresses and no others.
Mike
 
I'll do a security audit on your IP Office if you'd like.. port scan, and check remote management access. Usually these compromises come in through web management on 7070, 8443 or 9443... which should be closed off for external access, or made whitelist-only. Might be a good idea to change your security setting for failed attempts, set to log and disable, so that they can't brute force in. Might want to consider moving from 5060 if you need external SIP connections.. (remote SIP, Communicator app)
 
Hey, this is an easy fix besides changing passwords. Remember to disable any Manager accounts that you do not use. Do not use standard passwords either.

Is this an IPO 500V2 or SE?

For SIP you should have a router or SBCE in front of it.

On this router block all 5060 connections and just create a 5060 rule for your SIP provider. For external users change to 5061 for connectivity which is encryption with certificates.

If you access this remotely for admin over the internet, allow only your public IP for Manager ports 50802-50815. Common practice to have a VPN.

I would normally put a router or SBCE in front and not have the IPO exposed on the internet
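
An added example, not part of any post above and not Avaya tooling: a Python check that audits a router's inbound forwards against the port advice given in this thread (5060 only from the SIP provider; 7070, 8443, 9443 and Manager ports 50802-50815 only from an allowlist). The rule format, the names `audit` and `SAMPLE_FORWARDS`, the choice to reuse the admin allowlist for web management, and all addresses (documentation ranges) are constructed assumptions.

```python
import ipaddress

# Constructed placeholder networks (RFC 5737 documentation ranges).
SIP_PROVIDER_NETS = ["198.51.100.0/28"]   # assumed SIP provider range
ADMIN_NETS = ["203.0.113.10/32"]          # assumed admin public IP

# (label, first_port, last_port, networks allowed to reach it from outside)
# 5061 is deliberately absent: the thread suggests it for external users.
POLICY = [
    ("SIP 5060", 5060, 5060, SIP_PROVIDER_NETS),
    ("web management", 7070, 7070, ADMIN_NETS),
    ("web management", 8443, 8443, ADMIN_NETS),
    ("web management", 9443, 9443, ADMIN_NETS),
    ("Manager", 50802, 50815, ADMIN_NETS),
]

def audit(forwards):
    """Return findings for forwards that expose a listed port range
    to any source outside the networks allowed for that range."""
    findings = []
    for fwd in forwards:
        src = ipaddress.ip_network(fwd["source"], strict=False)
        for label, lo, hi, allowed in POLICY:
            # Skip policy entries the forward's port range does not overlap.
            if fwd["last_port"] < lo or fwd["first_port"] > hi:
                continue
            nets = [ipaddress.ip_network(n) for n in allowed]
            covered = any(src.version == n.version and src.subnet_of(n)
                          for n in nets)
            if not covered:
                ports = str(lo) if lo == hi else f"{lo}-{hi}"
                findings.append((fwd["name"], label, ports, str(src)))
    return findings

# Constructed sample of port forwards on the router in front of the IP Office.
SAMPLE_FORWARDS = [
    {"name": "sip-any", "source": "0.0.0.0/0", "first_port": 5060, "last_port": 5060},
    {"name": "sip-provider", "source": "198.51.100.4/32", "first_port": 5060, "last_port": 5060},
    {"name": "mgr-admin", "source": "203.0.113.10/32", "first_port": 50802, "last_port": 50815},
    {"name": "mgr-wide", "source": "203.0.113.0/24", "first_port": 50802, "last_port": 50815},
    {"name": "web-range", "source": "0.0.0.0/0", "first_port": 8000, "last_port": 9000},
]

if __name__ == "__main__":
    for name, label, ports, src in audit(SAMPLE_FORWARDS):
        print(f"{name}: {label} port(s) {ports} reachable from {src}")
```
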
 