Mitel 6800 Series SIP Phone Release 4.2.0 Administrator Guide
Blacklist for Web Interface Attacks
An additional security feature is available for the Web UI whereby when the phone detects an
attack on its Web UI, it will automatically blacklist the IP of the attacker. By default, when the
initial attack is detected by the phone, access will be denied for 10 minutes. After the blacklist
period expires, if another attack is detected from the same IP, access will be denied for 20
minutes and every attack thereafter will trigger the blacklist again for incrementally larger
durations (i.e. 30 minutes, 1 hour, and 10 hours).
Administrators have the option of defining the maximum blacklist duration using the
“web interface blacklist duration” parameter. By configuring this parameter, administrators
can set the maximum amount of time the IP of the offending attacker will remain on the blacklist.
Use the following procedures to configure the maximum Web UI blacklist duration.
For specific parameters you can set in the configuration files, see Appendix A, the section,
“Mitel Web UI Settings” on page A-19.
SECURE WEB SERVICE FEATURE
The "secure web service" parameter allows Administrators to manually open or close
HTTP/HTTPS ports 80 and 443 as well as port 49249. Closing these ports not only prevents
users from accessing the Web UI and other services such as XML, BroadWorks Xsi, and custom
ring tones, but will also help nullify web server attacks as the ports will not be visible
using port scanning software.
By defining the "secure web service" parameter as "1" in the configuration files,
Administrators can close TCP ports 80, 443, and 49249 on the phone.
Use the following procedures to manually open/close ports 80, 443, and 49249.
For specific parameters you can set in the configuration files, see Appendix A, the section,
“Secure Web Service Settings” on page A-19.
CONFIGURATION FILES
Notes:
1. Ports 80, 443, and 49249 are open by default.
2. Closing ports 80, 443, and 49249 does not have an effect on the HTTP/HTTPS client
   service on the phone.
3. This parameter takes precedence over the "web interface enabled" parameter. For example,
   if the "web interface enabled" parameter is defined as "1" (the Web UI is enabled) and the
   "secure web service" parameter is defined as "1" (ports 80, 443, and 49249 are closed),
   users will not be able to access the Web UI. Alternatively, if the "web interface enabled"
   parameter is defined as "0" (the Web UI is disabled) and the "secure web service" parameter
   is defined as "0" (ports 80, 443, and 49249 are open), users will not be able to access the
   Web UI but the ports will still be open and visible.
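The following is an added example, not part of the Mitel guide: a small audit script that applies Notes 1 and 3 above to a phone configuration file and reports whether the web ports remain exposed. It assumes configuration files hold one "parameter name: value" pair per line with "#" comment lines; the function names and sample configurations are constructed for illustration.

```python
# Added example (not from the Mitel guide): report Web UI exposure from a phone config.
# Assumption: one "parameter name: value" pair per line, "#" starts a comment line.

PORTS = (80, 443, 49249)  # TCP ports named in this section

# Constructed sample configurations.
HARDENED = 'secure web service: 1\nweb interface enabled: 1\n'
MISLEADING = '# UI off, ports left open\nweb interface enabled: 0\nsecure web service: 0\n'


def parse_cfg(text):
    """Return {parameter: value}; a later line overrides an earlier one."""
    params = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        name, value = line.split(":", 1)
        params[" ".join(name.lower().split())] = value.strip().strip('"')
    return params


def web_exposure(text):
    """Apply Notes 1 and 3 of this section to one configuration file."""
    p = parse_cfg(text)
    # Note 1: the ports are open unless "secure web service" is set to 1.
    ports_open = p.get("secure web service", "0") != "1"
    webui = p.get("web interface enabled")  # default value is not stated on this page
    if not ports_open:
        ui = "unreachable"  # Note 3: "secure web service" takes precedence
    elif webui == "0":
        ui = "disabled"
    elif webui == "1":
        ui = "reachable"
    else:
        ui = "firmware default"
    findings = []
    if ports_open:
        findings.append("TCP %s open and visible to port scans" % ", ".join(map(str, PORTS)))
    if ports_open and "web interface blacklist duration" not in p:
        findings.append("maximum blacklist duration not set in this file")
    return {"ports_open": ports_open, "web_ui": ui, "findings": findings}


if __name__ == "__main__":
    for label, cfg in (("hardened", HARDENED), ("misleading", MISLEADING)):
        print(label, web_exposure(cfg))
```

The second sample is the case Note 3 warns about: the Web UI is disabled, yet the ports are still reported as open and visible.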