Password Forum? 7

[mcopini]

Morning all,
Just a thought...
Every now and then I come across a thread where someone asks for some sort of password for some sort of system. I stumble over at least one craft password every week. Now I know sometimes some of us really need these passwords (including myself) and many of us don't like to ask our vendors for them or just can't seem to get them.
I dont wish to start a discussion on 'putting Avaya out of business' and all that, but just want to point out that not all techies on the net are benevolent administrators just looking to build nice solutions for their company.
Wouldn't it be just a bit safer to just E-mail passwords, if we must? To put 'em out there on the net just doesn't feel... right...

Remember this is not a note to anyone specific and the last thing I want is to offend people. I just want to ask you all to be aware. So many companies have already fallen victim of hackers/phreakers.

Kind Regards and with all due respect for those making time and effort helping us out.

Maarten Copini

 

[mikeydidit]

Maarten, you are so right. I am currently on V8 and will be on V11 before the end of the month. The whole push from every manufacture of every telephone system is to do VOIP which involves your switch being on the network. I found out a while back that in about 3 to 5 years, Avaya switch’s will have to go to the off board processors. I work very closely with our IT department and it scares me to death to think of my switch becoming a target like our network is. Having the passwords out there for just anyone to use is probably not in the best interest of everyone.


Mikey

 

[mcopini]

Any Reactions?

Kind Regards,
Maarten Copini

http://www.effecta.nl

Home is were you end up when you've got nothing better to do

 

[actaeon1979]

Our comapy's looking at an upgrade to 1.3 with S8700, but I'm not too sure on the network-security side.. Any of you guys got any ideas or hints on the risks? I just hate the idea off all these IP interfaces on my PBX...

Thnx and Rgdz,

Actaeon

 

[fonedoc]

Maarten:

I couldn't agree more. Even as an Avaya Gold Business Partner getting passwords to do what I must do on a daily basis is a real pain in the $%#@!^&^^&. With the advent of the dadmin login, this has helped somewhat. I recently completed a "superpatch" upgrade to an S8300 and had to have Avaya Tier III on the phone 17 times in 1 day just to get the upgrade done. The one that really gripes my rear is the Intuity Audix. Because you only have 3 logins (craft, sa and vm) Avaya must keep a band of employees on salary just to change the craft password every 90 days. I can't complete a job tonight because Avaya changed the craft password on the Intuity I'm working on yesterday.

Sorry for venting!

Sleepless in the switchroom!!!!

fonedoc

 

[n00benduser]

[sarcasm]I actually went to a Avaya demo of the new 1.3 and S8700. They told me that it is totally secure and nothing would happen...so if Avaya says it to be, it must be. [/sarcasm]

Seriously though, Your switch will only be as secure as your data network. If you do not have control or knowledge of how it works that may be a problem. The only saving grace that I liked about the demo was that the S8700 is Linux based (Red Hat). When hackers start going after Linux, then we are all screwed either way...VoIP or not. Another thing I noticed is that Release 11 is the same as 1.1 or 1.2 of the S8700 versions...interesting. I may be stating the obvious but its new to me. In theory my new Definity G3 v11 can be 1.3 with only a patch...All they did is take the cpu off of a blade and put it in a box. If I had a $ for everytime the speaker said "Rack mount" I would be rich.

The major points he stressed was EC500 (extention to mobile), The media servers (S8300/8700) and IP Office as a Conference Bridge. He didn't like the fact that I used my ext-to-mobile as ext-to-myhome# and that I used vectoring to combine meet-me conferences or the fact that "logining into a IP phone" is basically the same at TTI'ing....

One thing I did find very interesting is the WIFI cell stuff and the softphone call manager that uses SIP....when I get more literature on it I will post it.

n00b

 

[AvayaHelp]

Firewalls are a wonderfull thing, we have three back to back. One for access/tunneling into the network, a second to the domain (Terminal Services) and a third to the switch. Now we are looking at secure-id authentication on top of that, a little over the top? Maybe, but it helps me sleep at night. If your IT dept can help you set that up I highly recommend it.

Avaya, Octel, AUDIX, CMS and other fun stuff.

"There is always a way, it may not be pretty but there is always a way."

P:-D

 

[cossmos]

My company recently aquired a Definity system. It has a Intuity Audix(R) R 4.4-4.5.0 voice mail. I have the vm password. Unfortunately, I need the craft password to access the system evaluation report. I agree you can't just post these on the internet for every one. Will anyone help?

 

[orypecos]

If the Avaya system has been connected to Avaya for remote maintenance monitoring, then there is a automatic computer program that changes the craft and other Avaya passwords to something other than the default login for security purposes. U don't need the craft password to see the "system evaluation report", what u need is the "sa" login. That is the customer login that has more permissions.