Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

IPO Web services

Status
Not open for further replies.
karlzre

karlzre

Technical User
Jan 2, 2007
344
BE
Hi,

I saw that log from the ipoffice.
Access to Web Service failed due to incorrect credentials. Web Service: /ws/security/authenticate. Username: Administrator.

What are these web services, what canbe done trough that ?
May a hacker made config changes from there ?
How can i securise it ?

Thx

ACA IPTelephony
ACA IPOffice implement
ACS IPOffice implement
 
Sort by date Sort by votes
It's described a bit on Devconnect.

As long as no one can access your IPO from the internet you should be fine.
You can get some info from the PBX without credentials and make config change with the same account as with Manager.

"Trying is the first step to failure..." - Homer
 
Upvote 0 Downvote
As stated as long as your IP office is not reachable from the public internet you should be ok. I guess it is also possible an employee could enter the IP of your control unit into their web browser and muck around if disgruntled or just bored. As long as you are using a non default Administrator password and have other accounts disabled or changed passwords you shouldn't have to worry about the second scenario.

If you are on the public internet then yes you do need to worry they can make a lot of changes... you should NEVER put your IP office on a public internet without locking it down through a firewall and really knowing what your doing.

The truth is just an excuse for lack of imagination.
 
Upvote 0 Downvote
The ipo id not connected direcly to the internet.
It s behind à sbc but the source looks to be the customer firewall.

We are checking with customer if there is some natting from this device.

Password is not the default off course.

ACA IPTelephony
ACA IPOffice implement
ACS IPOffice implement
 
Upvote 0 Downvote
So if you are saying that it is in fact connected to the public internet but you have a SBC and firewall in the way it seems like something is not as locked down as you would like.

The truth is just an excuse for lack of imagination.
 
Upvote 0 Downvote
I am 90% sure this of a false alarm.
Do you use one-x mobile?
Seems like an authentication error from there.
But if not then secure the sbc more by only allowing avaya equitment.

BAZINGA!

I'm not insane, my mother had me tested!
 
Upvote 0 Downvote
BTW. Web Services on IPO500 are a joke. Takes time to load up once you login, sluggish response at best, limited access to system features. Nothing to see here move along...

"Never fear billing a client for services rendered, or they will think your time is worthless"
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

attex
  • Locked
  • Question
IPO 11.1.3.1 b34 Web Client
Replies
2
Views
445
vid151
vid151
atcphone
  • Helpful tip
Avaya IPO Virtualization
Replies
1
Views
302
derfloh
derfloh
William C290
  • Locked
  • Solved
ACCS & IPO 1
Replies
4
Views
618
William C290
William C290
dessertman
  • Locked
  • Question
IPO software upgrade 1
Replies
2
Views
343
derfloh
derfloh
DiscLight
  • Question
VOIP Cloud vs Avaya IPO 500v2 5
Replies
9
Views
1K
Menniss
Menniss

Part and Inventory Search

Sponsor

Back
Top