OP | Member | Joined: Sep 2007 | Posts: 1,173
If a customer is not using CTI apps, and has an available static IP, we normally throw in a cheap router on our own.
Something like a Netgear 318 for 7200s and 7400s then port forwarding for the MCP, MGI/OAS, SVMi internal IPs. That makes sense and relieves us of the grief of dealing with the data guys.
NOW - on 7100s, 7030s, 7200-S systems where everything is embedded onto one card - I've noticed people saying that they put them right on a public WAN IP. No firewall/router.
Is that acceptable? Is there anything to really 'hack' without IT tool and a password?
Just curious if people that set up their own remote maintenance outside/before the customer's network firewall if that is an option - just plugged right into the Wild Wild West. No QOS req or anything like that, just talking strictly about remote programming access.

Samsung Moderator | Joined: Nov 2009 | Posts: 602
Probably not the best idea... PM sent

OP | Member | Joined: Sep 2007 | Posts: 1,173
Thanks. We will keep putting a cheap router in front in those situations.

Member | Joined: Apr 2008 | Posts: 457
I've always wondered about that too. The tech that I replaced was notorious for putting everything on the public, which took 3 public addresses for the MCP/MGI/VM. I prefer to put them on the private and port forward, but I don't see why that is any different than putting them on the public since you cannot change the ports on OSM and VM and stuff like that. Genisis, I would like to hear your PM to Noisy and get another take on this. Thanks
Bobby Mreen Communications Technician

Samsung Moderator | Joined: Nov 2009 | Posts: 602
Well, to put it vaguely, IT tool or OSM are not the only way into the 7000's, 100's, 500's, or the MGI cards for that matter. Granted, no one will be reprogramming your systems these ways, but they can cause you some serious problems and money.

Member | Joined: Apr 2008 | Posts: 457
That's what I thought the concern was about, but I just wanted someone to reassure the concern. Thanks.
Bobby Mreen Communications Technician

OP | Member | Joined: Sep 2007 | Posts: 1,173
I should add that I was only considering doing it on the 7030, 7100, and 7200-S where normally everything is at just one address. If I had a 7200 with MCP, SVMi, OAS I definitely wouldn't use statics/direct on internet. That just doesn't seem too clean for communication between the backplane devices. When the manual states that the MCP, SVMi, and MGI/OAS must be "on the same network" I don't think they meant using the public internet as that network. Just the cheapest Linksys or Netgear does the job. I like the Netgear 318. Cheap and easy to program for port forwarding. Funny about installing all three devices on a public/dirty switch!! Now that was a tech that didn't want to deal with a router ....

Member | Joined: Dec 2004 | Posts: 4,096
I would be a little more concerned than that. The "tech only" ports used are not the big issue and are not likely to be trouble. The one-to-one NAT and/or port forwarding are the biggest issues. Not that I condone the public side use, but bear with me here. What is the point behind port forwarding if it cannot be monitored? Small cheap routers offer no security in this area.
K nuff of this, I will continue in private if you guys want. But the Public forum is not the place.

Member | Joined: Jan 2008 | Posts: 28
I can add that when we were writing additional Network Monitor software for OS 7000 systems, we found one bad thing about the MCP LAN interface. If you try to send, for example, 100 TCP/IP packets per second to it (we used a TCP/IP packet with a one-byte symbol and sent it to the TCP Alarm port for alive checking, and mistakenly sent them so often), the MCP will hang and will return to life only after a reset. DDOS problems are present…
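
An added example, not part of any post in this thread and not the posters' or Samsung's software: a paced alive check for the monitoring situation described in the last post, which enforces a minimum interval between probes and backs off when the system stops answering. The class name, the 30-second interval and the connect-only probe are assumptions; the thread does not give the alarm port number, so the caller supplies it.

```python
import socket
import time


class PacedAliveCheck:
    """TCP alive check that never probes a host more often than min_interval.

    Hypothetical helper for illustration; interval and back-off are assumed values.
    """

    def __init__(self, host, port, min_interval=30.0, timeout=3.0,
                 clock=time.monotonic):
        self.host, self.port = host, port
        self.min_interval = min_interval    # seconds between probes
        self.timeout = timeout              # connect timeout in seconds
        self.clock = clock                  # injectable so pacing can be tested
        self.next_allowed = float("-inf")   # first probe is always allowed
        self.failures = 0

    def check(self):
        """Return 'up', 'down', or 'skipped' if called before the next slot."""
        now = self.clock()
        if now < self.next_allowed:
            # A scheduling bug in the caller cannot turn into a packet flood:
            # early calls are dropped here instead of reaching the device.
            return "skipped"
        try:
            # Connect and close only; no payload is sent to the device.
            with socket.create_connection((self.host, self.port), self.timeout):
                pass
            self.failures = 0
            result = "up"
        except OSError:
            self.failures += 1
            result = "down"
        # While the device is unreachable, double the wait each time
        # (capped at 16x) so a struggling system is polled less, not more.
        factor = min(2 ** self.failures, 16)
        self.next_allowed = now + self.min_interval * factor
        return result
```

Putting the rate limit inside the probe object, rather than in the loop that calls it, means the device-facing side stays paced even when the caller misbehaves.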