All,
We are using ShoreTel for our phone solution. Works well.
I have just recently upgraded from 10.2 to 11.2 to 12.3, after I moved
it to a new VLAN - that was a bit of a late night...
However, it's running on an ancient SuperMicro server, on Server 2003 R2.
It's time to move it to a new Dell machine, running 2008 R2, and to
get to the current version of 13.2.
I've looked at the prerequisites for installing 12.3, and am appalled
at what they suggest, and was hoping for a bit of feedback from anyone
here regarding this.
Here's what they want me to do:
o- Turn off the firewall - disable all of the profiles (Domain, Public
and Private), then turn off and disable the service.
o- Turn off the Base Filtering Engine (disable the service)
o- Set DEP for essential Windows programs and services only
o- Turn off UAC
o- Do not apply patches released past a certain date, stating
"When releasing a new build, ShoreTel publishes build notes
listing the Microsoft
patches that are certified against the build. ShoreTel also
highlights software
changes required by the Microsoft patches. Note that no
additional Microsoft
updates should be applied to your ShoreWare server between
ShoreTel builds. If
you install Microsoft updates between ShoreTel builds, they
may have an adverse
effect on your telephone system.
Disable Microsoft updates until you review the detailed
certification provided with
each release."
If you are running ShoreTel, have you run into this, and how do you
protect your ShoreTel environment, other than firewalling the subnet
that it's on?
To me, this seems like egregiously broken software, requiring me to
reduce the security of the server to near zero.
Thoughts appreciated.
Kurt
