Mitel 6867i Administrator's Manual page 66
6800 series
Hide thumbs
Also See for 6867i:
- User manual (235 pages) ,
- Training manual (29 pages) ,
- Installation manual (24 pages)
Table of Contents
Advertisement
Mitel 6800 Series SIP Phone Release 4.2.0 Administrator Guide
Blacklist for Web Interface Attacks
An additional security feature is available for the Web UI whereby when the phone detects an
attack on its Web UI, it will automatically blacklist the IP of the attacker. By default, when the
initial attack is detected by the phone, access will be denied for 10 minutes. After the blacklist
period expires, if another attack is detected from the same IP, access will be denied for 20
minutes and every attack thereafter will trigger the blacklist again for incrementally larger
durations (i.e. 30 minutes, 1 hour, and 10 hours).
Administrators have the option of defining the maximum blacklist duration using the "web
interface blacklist duration" parameter. By configuring this parameter, administrators can set
the maximum amount of time the IP of the offending attacker will remain on the blacklist.
Use the following procedures to configure the maximum Web UI blacklist duration.
CONFIGURATION FILES
For specific parameters you can set in the configuration files, see Appendix A, the section,
"Mitel Web UI Settings"
SECURE WEB SERVICE FEATURE
The parameter "secure web service" is available allowing Administrators the ability to manually
open or close HTTP/HTTPs ports 80 and 443 as well as port 49249. Closing these ports not
only disables users from accessing the Web UI and other services such as XML, BroadWorks
Xsi, and custom ring tones, but will also help nullify web server attacks as the ports will not be
visible using port scanning software.
By defining the "secure web service" parameter as "1" in the configuration files, Administrators
can close TCP ports 80, 443, and 49249 on the phone.
Notes:
1. Ports 80, 443, and 49249 are open by default.
2. Closing ports 80, 443, and 49249 does not have an effect on the HTTP/HTTPs
client service on the phone.
3. This parameter takes precedence over the "web interface enabled" parameter. For
example, if the "web interface enabled" parameter is defined as "1" (the Web UI
is enabled) and the "secure web service" parameter is defined as "1" (ports 80,
443, and 49249 are closed), users will not be able to access the Web UI.
Alternatively, if the "web interface enabled" parameter is defined as "0" (the Web
UI is disabled) and the "secure web service" parameter is defined as "0" (ports80,
443, and 49249 are open), users will not be able to access the Web UI but the ports
will still be open and visible.
Use the following procedures to manually open/close ports 80, 443, and 49249.
CONFIGURATION FILES
For specific parameters you can set in the configuration files, see Appendix A, the section,
"Secure Web Service Settings"
2-15
on
page A-19.
on
page A-19.
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
