Norstar and Callpilot Security

[Mansell]

Is there any info on vulnerability testing on the Norstar and CallPilot 100/150 ? What is the underlying operating system, Unix, OS2, ?

Thanks

Mansell

 

[Serenitynow109]

Check Nortel's partner website. They have White Papers on Fruad and how to deal with.

 

[Mansell]

Thanks Serenitynow109, been there, but I have a Security Director asking me if the system has been "hardened" or if Nortel has done vulnerability testing from a network perspective. He is concerned about giving the Callpilot an IP address - placing this "box" on his network without knowing the security impact

 

[nortelnorstar]

He has reason to be concerned. If your network is using VPN router and the Call Pilot is in the same subnet, it is accessable from the outside world.

Marv

http://www.telemarv.ca

 

[Serenitynow109]

The problem Marv is Nortel will not support remote access via modem connection.

 

[nortelnorstar]

THey may not support it but its there.

Marv

http://www.telemarv.ca

 

[biv343]

If I'm not mistaken, CP100/150 runs a Linux/Unix derivative. Haven't heard of or seen any security/vulnerability bullitens released for it yet. As with most "embedded" type applications, things that aren't expressly needed for the system to work are left off.

Marv - if there is a VPN router installed, and CallPilot is on the private side of the VPN router, then it isn't/shouldn't be accessible from the outside world (unless the installer did a really, really bad job configuring the device). In the case of the Contivity platform, there are no default user accounts configured that will terminate a VPN session, and there are no NAT rules configured by default that would "publish" the internal CallPilot IP to the outside world.

Just my 2 cents....