From coit-security at lists.onenet.net Fri Oct 27 10:07:19 2017
From: coit-security at lists.onenet.net (CoIT Security)
Date: Fri, 27 Oct 2017 15:07:19 +0000
Subject: [CoIT-Security] Phone System
Message-ID:

Fellow IT Colleagues,

Cameron University (Lawton, OK) is seeking options to replace an aging PBX system with an IP-PBX / VOIP phone system; many things have changed in the phone system world since we last considered this. If you could help us by completing the survey questions below, that will be very helpful to us in making our decision and also letting us know what other educational facilities are using. If you have any questions, or would like to speak to me directly, my contact information is below the survey. Thank you very much for your time!

What make/model of phone system are you currently using?
Is the phone system on-site or hosted?
Is the phone system IP / VOIP based?
How many phones are in use or what is the capacity of the phone system?
How many fax lines are in use?
If using IP / VOIP, how are fax lines being handled?
What vendor / provider helped with the implementation / maintenance of the phone system?
How were phones deployed when the phone system was installed (third party, internal, etc.)?
Are you satisfied with the system you currently have?
How easy is it to manage and how is it managed?
What department manages day-to-day operations of the phone system?
Are SIP trunks being used for external phone system connectivity?
How much support is needed for the phone system and are support contracts used?
What security concerns did you have with your phone system?
Any other comments -

Richard Colavito
Network Administrator
Cameron University
2800 West Gore Blvd.
CETES 102C
Lawton, OK 73505
580-581-5974
rcolavit at cameron.edu
www.cameron.edu

Confidentiality Notice: This e-mail, including all attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information as defined under FERPA. Any unauthorized review, use, disclosure or distribution is prohibited unless specifically provided under the Oklahoma Public Records Act. If you are not the intended recipient, please contact the sender and destroy all copies of this message.

From coit-security at lists.onenet.net Fri Oct 27 11:39:00 2017
From: coit-security at lists.onenet.net (CoIT Security)
Date: Fri, 27 Oct 2017 16:39:00 +0000
Subject: [CoIT-Security] Cybersecurity Advisory - Elevated Risk to Open RDP Ports (TLP: GREEN)
In-Reply-To:
References:
Message-ID:

CoIT Members:

Cybersecurity Advisory

Cyber threat actors are leveraging open Remote Desktop (RDP) ports to compromise systems and also spread ransomware. Access to systems over RDP has been reported through brute force, dictionary, and stolen credentials compromised and sold on the dark web. This is an elevated risk indicating active efforts against public and private sectors.

Recommendation: Block all public access to RDP: 3389 TCP/UDP or RDP custom defined port/application.
Best Practices: The following list includes self-protection strategies against ransomware campaigns targeting RDP/3389:

* Back up data regularly
* Verify integrity of backup process
* Keep software updated
* Use strong passwords to protect RDP credentials
* If possible, use two factor authentication
* Audit who accesses RDP
* Establish whitelist access for RDP
* Consider disabling RDP if not in use
* Change RDP port from 3389 to another unused port
* Block RDP via firewall
* Audit logs for all remote connection protocols
* Audit logs to ensure all new accounts were intentionally created
* Scan for open or listening ports, and mediate

Administrative Note

This product is marked TLP:GREEN. Recipients may share TLP:GREEN information with peers and partner organizations within their sector or community, but not via publicly accessible channels. Information in this category can be circulated widely within a particular community. TLP: GREEN information may not be released outside of the community.

If you have questions about this advisory, please let me know.

Thanks,

April Goode MBA SPP
Director of OneNet Strategic Planning and Communications

Learn how OneNet powers weather prediction at the National Weather Center.

Oklahoma State Regents for Higher Education
655 Research Parkway Suite 200
Oklahoma City, OK 73104
P 405.225.9251
F 405.225.9250
Toll-free 888.5.ONENET
april at onenet.net

From coit-security at lists.onenet.net Fri Oct 27 15:25:03 2017
From: coit-security at lists.onenet.net (CoIT Security)
Date: Fri, 27 Oct 2017 20:25:03 +0000
Subject: [CoIT-Security] Phone System
Message-ID:

Southwestern Oklahoma State University has been using this Cisco system for about 5 years now. We've had very few issues with it.

What make/model of phone system are you currently using?
Cisco VoIP; Business Edition 6000M Svr (M4); CUCM v. 11.5.1.x

Is the phone system on-site or hosted?
On-site

Is the phone system IP / VOIP based?
yes

How many phones are in use or what is the capacity of the phone system?
750 phones

How many fax lines are in use?
70

If using IP / VOIP, how are fax lines being handled?
The calls come in and are transferred to our XMedius Fax system that is hosted on an in-house server.

What vendor / provider helped with the implementation / maintenance of the phone system?
Chickasaw Telecom

How were phones deployed when the phone system was installed (third party, internal, etc.)?
Deployed with the assistance of Chickasaw Telecom

Are you satisfied with the system you currently have?
yes

How easy is it to manage and how is it managed?
Day to day is simple enough. Should problems occur we contact Chickasaw Telecom or put a ticket in with Cisco.

What department manages day-to-day operations of the phone system?
ITS

Are SIP trunks being used for external phone system connectivity?
yes

How much support is needed for the phone system and are support contracts used?
Support is used if something out of the ordinary comes up; support contracts are used

What security concerns did you have with your phone system?

Any other comments -

Karen Klein
Director, Information Technology Services
Southwestern Oklahoma State University
Office: (580)774-3268

From coit-security at lists.onenet.net Mon Oct 30 13:47:39 2017
From: coit-security at lists.onenet.net (CoIT Security)
Date: Mon, 30 Oct 2017 18:47:39 +0000
Subject: [CoIT-Security] Phone System
In-Reply-To:
References:
Message-ID:

Please see responses below.

Curtis R. Brabham, Jr.
Chief Technology Officer
Campus & Information Security
Redlands Community College
https://www.redlandscc.edu/
Curtis.Brabham at redlandscc.edu
Office: 405.422.1449
Fax: 405.422.1449
1300 South Country Club Road
El Reno, OK 73036-5304

From: CoIT-Security [mailto:coit-security-bounces at lists.onenet.net] On Behalf Of CoIT Security
Sent: Friday, October 27, 2017 10:07 AM
To: COIT Security (coit-security at lists.onenet.net)
Subject: [CoIT-Security] Phone System

Fellow IT Colleagues,

Cameron University (Lawton, OK) is seeking options to replace an aging PBX system with an IP-PBX / VOIP phone system; many things have changed in the phone system world since we last considered this. If you could help us by completing the survey questions below, that will be very helpful to us in making our decision and also letting us know what other educational facilities are using. If you have any questions, or would like to speak to me directly, my contact information is below the survey. Thank you very much for your time!

What make/model of phone system are you currently using?
Redlands implemented a ShoreTel system in Fall 2009. We have a variety of phone models: IP115, IP230, IP565, IP655. Note: ShoreTel was recently purchased by Mitel. I am undecided on whether or not this is good or bad. We did look at Mitel years ago when we were evaluating systems. Their product was really good from a user standpoint, but not very friendly from an administrative standpoint.
The management server would only run on Linux (not a big deal for most, but wasn't something we wanted to entertain at the time), and most changes/programming required command-line input. I'm sure a lot has changed in the 8-9 years since we last looked at their first-hand product.

Is the phone system on-site or hosted?
Our system is on-premises. ShoreTel does offer a hosted solution, or a hybrid. Our on-premises setup does include the use of hardware-based VOIP switches. However, ShoreTel now offers both a VMware and Hyper-V virtual appliance option for the voice switches. The management server (also used for voicemail) can also be virtualized. For voice switches we have:

2 x ShoreTel ShoreGear 220-T1's
1 x ShoreTel ShoreGear 120 (at a remote location)
2 x ShoreTel ShoreGear 90's
1 x ShoreTel ShoreGear 90 (at a remote location)
3 x ShoreTel ShoreGear 24A's

The number in the model is how many IP phones that switch will support. If you configure an analog extension off consume five IP phone ports (excluding on the 24A's). One of the 220T1's is configured for the PRI. The PRI is also configured on the other 220T1 so we can quickly move the incoming link over in the case of hardware failure on the primary. Each 220T1 can still support 100 IP phones with the PRI configured. The 24A's will each support 24 analog ports and do not support any IP phones. The system automatically assigns IP phones to a switch based on site, IP address mapping, and available switch capacity.

Is the phone system IP / VOIP based?
Yes.

How many phones are in use or what is the capacity of the phone system?
We have approximately 275-300 phones in use. The capacity depends on the voice switches implemented and licenses purchased.

How many fax lines are in use?
We have three 24-port analog voice switches (converts VOIP to analog). Three were required when we originally purchased the system due to the number of fax machines, credit card machines, and other analog devices we had at the time.
Only one of the analog switches is currently used for analog lines now. One is kept in operation for testing and as a backup, and the third is configured for conference ports. We only use eight lines for faxing as we have implemented a MultiTech fax server for all inbound/outbound faxing. We have approximately 25 or so dedicated fax extensions, all routed through the fax server. Any extension can be configured as a fax line. For example, my office number is configured on the fax server to route incoming faxes to my email as PDF attachments.

By default, any incoming call determined to be a fax is routed to the fax server regardless of the extension. The system determines this by "listening" for the initial negotiation beeps and transferring the call to the designated fax line(s). The fax server is configured to route incoming faxes to a default email if a route is not defined for the extension. This ensures no faxes are missed. An extension can be configured so the re-route does not occur.

Outbound faxes are sent via email to the fax server using a specifically crafted email address format. The content of the fax is attached as a PDF to the email, and the body of the email is used in the notes section on the cover sheet. The fax server will automatically retry on busy signals, and will deliver a successful or failed report to the sender.

If using IP / VOIP, how are fax lines being handled?
Through a MultiTech analog fax server. MultiTech (and other companies) do offer SIP-based fax servers.

What vendor / provider helped with the implementation / maintenance of the phone system?
Peak Uptime. They assisted on the determination of what was required to replace our Nortel PBX, configuration of the management server, installation of the voice switches, and deployment of the phones. Our purchase was done through the PEPPM contract, which I believe offers better pricing than the state contract. The state contract was not in place when our purchase was completed.

How were phones deployed when the phone system was installed (third party, internal, etc.)?
We deployed all 275-300 phones in a single day. This was a joint effort between Redlands IT and Peak Uptime staff.

Are you satisfied with the system you currently have?
Yes.

How easy is it to manage and how is it managed?
Day-to-day management is very easy. We can have a new technician trained on creating a new extension within a matter of minutes. The management interface is all web driven.

What department manages day-to-day operations of the phone system?
IT

Are SIP trunks being used for external phone system connectivity?
Not currently. Currently we have an incoming T1 that is converted to a PRI. Future plans will change this to incoming SIP trunks, but those will still be converted over to a PRI for connectivity into our ShoreTel system. This is due to the voice switch the incoming lines connect to (a ShoreTel 220T1). We are not looking to replace system hardware with the provider change over.

How much support is needed for the phone system and are support contracts used?
Support contracts are maintained and used. The system has been very stable for us, and we have not had to rely on the support vendor for very many issues. However, for the issues that we have had to contact them for, the issues were resolved very quickly. ShoreTel annual maintenance costs are 10% of the original purchase cost. We do not carry maintenance on the phones.

What security concerns did you have with your phone system?
None at this time. They offer a VPN concentrator for phones outside of the system. Some phone models include a VPN client that can connect to the system through their concentrator. We didn't find the VPN concentrator to be necessary as we don't have any phones that aren't directly connected to our network either on campus, or through an MPLS/VPLS link. We also have an SSL VPN with support for all major smartphones. This method can be used with the ShoreTel mobile app.
Voicemail is configured by default to forward to the individual's mailbox as an attachment. You can also dial into the system to check voicemail.

Any other comments -
We also have the system configured to alert key personnel by text message in the event 911 is dialed from any extension on campus. The text message provides the extension 911 was dialed from, so we have a reasonable expectation of where the call was placed from and can respond very quickly. The one caveat is that a user can log their extension into any phone on campus if they are temporarily operating out of a different office. This doesn't happen very often, and hasn't caused any problems yet.

Richard Colavito
Network Administrator
Cameron University
2800 West Gore Blvd.
CETES 102C
Lawton, OK 73505
580-581-5974
rcolavit at cameron.edu
www.cameron.edu

Redlands Community College provides a learner-centered environment committed to academic excellence strengthened through service and civic engagement.

**CONFIDENTIALITY** - This e-mail (including any attachments) may contain confidential, proprietary, and/or privileged information and is intended only for the individual(s) addressed in the message. If you are not the named addressee, you should not disseminate, distribute, or copy this e-mail. If you are not the intended recipient, please notify the sender immediately by return e-mail, and delete this message and any attachments from your system. Any unauthorized disclosure or use of this information is prohibited.
Information contained herein may be subject to the Privacy Act of 1974, Family Educational Rights and Privacy Act of 1974 (FERPA), and/or the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
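
The log-audit items in the RDP advisory of 27 Oct 2017 earlier in this archive (audit who accesses RDP, establish whitelist access, confirm new accounts were created intentionally) can be checked against exported Windows Security events as sketched here. This is an added example, not part of any list message; the CSV column layout, the allowlist range 10.20.0.0/16, the threshold of 5 failures in 10 minutes and every sample row are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: a CSV export of Windows Security events (column layout is assumed).
# 4625 = failed logon, 4624 = successful logon, 4720 = user account created.
# Logon type 10 = RemoteInteractive (RDP); RDP failures show as type 3 when NLA is on.
SAMPLE = """time,event_id,logon_type,user,src_ip
2017-10-27T02:00:01,4625,3,administrator,203.0.113.50
2017-10-27T02:00:09,4625,3,admin,203.0.113.50
2017-10-27T02:00:15,4625,3,backup,203.0.113.50
2017-10-27T02:00:22,4625,3,administrator,203.0.113.50
2017-10-27T02:00:30,4625,3,helpdesk,203.0.113.50
2017-10-27T02:01:02,4624,10,helpdesk,203.0.113.50
2017-10-27T02:03:40,4720,,svc_update,
2017-10-27T08:15:00,4625,10,jsmith,10.20.1.15
2017-10-27T08:15:20,4624,10,jsmith,10.20.1.15
2017-10-27T09:30:00,4624,10,kdoe,198.51.100.7
"""

def parse(text):
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        r["time"] = datetime.fromisoformat(r["time"])
        rows.append(r)
    return sorted(rows, key=lambda r: r["time"])

def allowed(ip, networks):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in networks)

def audit_rdp(events, allowlist, threshold=5, window=timedelta(minutes=10)):
    failures = defaultdict(list)  # src_ip -> failed-logon times still inside the window
    report = {"brute_force": set(), "success_after_failures": [],
              "off_allowlist": [], "new_accounts": []}
    for e in events:
        eid, ip = e["event_id"], e["src_ip"]
        if eid == "4625" and e["logon_type"] in ("3", "10"):
            recent = [t for t in failures[ip] if e["time"] - t <= window]
            recent.append(e["time"])
            failures[ip] = recent
            if len(recent) >= threshold:
                report["brute_force"].add(ip)        # password guessing from one source
        elif eid == "4624" and e["logon_type"] == "10":
            if ip in report["brute_force"]:          # a guess appears to have worked
                report["success_after_failures"].append((e["user"], ip))
            if not allowed(ip, allowlist):           # RDP session from outside the allowlist
                report["off_allowlist"].append((e["user"], ip))
        elif eid == "4720":                          # confirm each new account was intended
            report["new_accounts"].append(e["user"])
    return report

if __name__ == "__main__":
    for finding, value in audit_rdp(parse(SAMPLE), ["10.20.0.0/16"]).items():
        print(finding, value)
```

A successful logon that follows a failure burst from the same address is the finding to triage first, and an account created shortly afterwards should be reviewed with it.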