Author Topic: MiCollab Security  (Read 1255 times)

Offline jnickrand

  • Contributer
  • *
  • Posts: 7
  • Country: us
  • Karma: +0/-0
    • View Profile
MiCollab Security
« on: April 26, 2021, 08:10:55 AM »
We just recently put in a Mitel 3300 and have many users using the MiCollab software phones.  We had to open up a lot of ports via the documentation to make this work.  Just wondering how big of a security risk this is and what others might be doing differently.


Offline lundah

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 1216
  • Country: us
  • Karma: +66/-0
  • Senior Chief Grunt
    • View Profile
Re: MiCollab Security
« Reply #1 on: April 26, 2021, 08:12:53 AM »
For basic MiCollab and softphone, you only need 2 TCP ports and the RTP ports. Pretty standard for any softphone. It can be locked down enough that it passes PCI scans, how much more secure do you need it to be?

Offline jnickrand

  • Contributer
  • *
  • Posts: 7
  • Country: us
  • Karma: +0/-0
    • View Profile
Re: MiCollab Security
« Reply #2 on: April 26, 2021, 08:53:32 AM »
Right now we have the following ports open:

https, http, 20000-30999(udp), 32000-32500(udp),50000-50999(udp), 5060(udjp), 4443, 36008, 5060, 5063, 6801,5061.

This is what our business partner gave us and said we had to open.

Offline acejavelin

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 4100
  • Country: us
  • Karma: +133/-0
  • High-tech, heavy metal redneck!
    • View Profile
    • Like what I do and wanna help out? Send me a donation!
Re: MiCollab Security
« Reply #3 on: April 26, 2021, 01:53:41 PM »
MiCollab has a wide variety of ports to open... I really, REALLY dislike putting this in LAN or DMZ mode... Use two connections, one for LAN and one for WAN and put a public IP directly on it. It is designed to work in this way and will only allow authorized traffic though it and it's easier to manage.

Offline lundah

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 1216
  • Country: us
  • Karma: +66/-0
  • Senior Chief Grunt
    • View Profile
Re: MiCollab Security
« Reply #4 on: April 26, 2021, 04:50:33 PM »
Right now we have the following ports open:

https, http, 20000-30999(udp), 32000-32500(udp),50000-50999(udp), 5060(udjp), 4443, 36008, 5060, 5063, 6801,5061.

This is what our business partner gave us and said we had to open.

Depending on the details of your setup, all of those ports may be required. Either way, all traffic is authenticated, so what's the concern here? Ports need to be open for machines to talk to each other, you can't avoid that.

Offline Dogbreath

  • Global Moderator
  • Sr. Member
  • *****
  • Posts: 396
  • Country: gb
  • Karma: +18/-0
    • View Profile
Re: MiCollab Security
« Reply #5 on: April 27, 2021, 04:43:08 AM »
The server is designed specifically to be internet-facing. The admin interface accepts connections only from specific IPs by default [they will presumably have asked you where you want to manage it from in order to populate the list]. So long as you keep on top of updates then I don't think you've anything to worry about.


 

Sitemap 1 2 3 4 5 6 7 8 9 10