ATA Access via IP address

[Planetmaker]

There are settings that can be changed if you browse to an ATA's IP address. Does anyone know how to lock it down? I've changed the UIPassword which appears in the menu but it doesn't seem to do anything.

 

[cdiross]

Are you supplying this information to the general user environment? How would they get the IP address for the ATA otherwise?

 

[Planetmaker]

My manager is just being cautious - I suppose you could get a user with some knowledge about of web based devices find out what subnet they are on themselves and see if they can browse to anything. A long shot I know.
This issue was found out by someone who was browsing to a switch but enterered the wrong address.

 

[cdiross]

The user authentication should be secure enough. Unless the person has a unity account or knows the admin authentication; they aren't accessing. If they do know all of that, then there is an issue with security.

 

[Planetmaker]

Thats what I'm talking about - anyone can browse to these ATA's they have standard network logins - they don't have access to call manager or unity we have MLA set up etc.
It would be best if these ATA's needed a username and password to access the info - but there doesn't seem to be a way of setting one up.

 

[cdiross]

A user cannot log into the device with a domain account. Conference phones have the same admin page.

 

[Planetmaker]

I mean the users have the standard network logins.
They are logging onto the network. They are not logging onto the ATA - they are presented with the admin pages for that device by simply browsing to it. Hence the problem.

 

[cdiross]

But again, it's just a page with a login. They have to be set up with an administrative ccm login into access. Otherwise the page is useless to them. That there really is security enough. It's pretty much the same as "any" login page on the internet. Not registered; no login.

 

[Planetmaker]

That'll do for me then cheers!