I suspect that the security scan wants to evaluate the risk of the SSH service running on the host, regardless of who can access it. By opening SSH access from the scan host to the CCM host, the security scan can run whatever SSH tests they want to see if it's vulnerable.
Even if you block SSH access from everything except your team's subnet, the SSH server is still vulnerable. This is what the security scan typically wants to find out. The impact of the vulnerability is reduced by your limited access, which would then give you either (a) a pass with conditions, or (b) a fail that you need to resolve.

This is just me piecing things together from your note and from my experience.

Lelio

---
Lelio Fulgenzi, B.A.
Senior Analyst, Network Infrastructure
Computing and Communications Services (CCS)
University of Guelph
519-824-4120 Ext 56354
[email protected]
www.uoguelph.ca/ccs
Room 037, Animal Science and Nutrition Building
Guelph, Ontario, N1G 2W1

________________________________
From: cisco-voip <[email protected]> on behalf of Asim Mekki Basheer <[email protected]>
Sent: Sunday, November 13, 2016 2:10 AM
To: [email protected]
Subject: [cisco-voip] SSH Access For CUCM 7.5

Hello Everyone,

We have CUCM 7.5 in our setup. This week we have a security assessment for the call manager. The consultant requested the below access to the CUCM to perform the scan:

1-Cisco Call Managers and access to ports 22 and 8443.

How can we give SSH? We have only admin access for the SSH.

Thanks
