On Fri, Jul 19, 2013 at 5:50 PM, Richard Stovall <[email protected]> wrote: > What's the big deal? > > I run Shoreware Director in a VM and it works great.
Not worried about virtualization, because I don't think our infrastructure is ready to go yet - soon, though. > The bit about MS patches is just a cover. I've never, ever had a problem > keeping my Director server up to date. (If I did have a problem, I would > revert to the backup (that I always make) just before installing updates.) Always a good strategy. > The rest of it? Meh. Your LAN is isolated from the world and is generally > secure, right? Uh, no, that's not my thought process. Layers of defense, and this company is stripping me of several of those layers. That's seriously the wrong approach for a vendor to take. > No non-admin can login to your Director server, right? As in via RDP or the console? Correct. That's small consolation (as it were.) If you mean via the management web interface, no, but I'm pretty sure that's not what you're getting at. > All > orgs are different, but we're of a size similar to yours (I think, but > without the complication of overseas offices). It's one server with > particular requirements. Do whatever you want, but be prepared to modify > things if you have to engage ShoreTel support to fix a problem. For my > money, it's easier to deal with it up front and comply, and I don't see any > egregious security risks inherent in doing so. Yes, I did what I want, for my initial approach. I sent a polite but stiff email to support@ and sales@, saying that the product until now has been fine, and so has our reseller, but they (ShoreTel) really need to clean up their act. I'm still debating with myself about my best course of action. Overseas offices aren't a complication in this case, since they each have their own key systems, which don't interoperate with our phone system. > PS FWIW, Shoretel 13.x rocks if you have SIP trunks. I do look forward to it. I've got an SG-50 doing some SIP trunks - for RightFax, as it happens, but I'll probably get more if it exposes some cools stuff. Kurt > > On Fri, Jul 19, 2013 at 7:00 PM, Kurt Buff <[email protected]> wrote: >> >> All, >> >> We are using ShoreTel for our phone solution. Works well. >> >> I have just recently upgraded from 10.2 to 11.2 to 12.3, after I moved >> it to a new VLAN - that was a bit of a late night... >> >> However, it's running on an ancient SuperMicro server, on Server 2003 R2. >> >> It's time to move it to a new Dell machine, running 2008 R2, and to >> get to the current version of 13.2. >> >> I've looked at the prerequisites for installing 12.3, and am appalled >> at what they suggest, and was hoping for a bit of feedback from anyone >> here regarding this. >> >> Here's what they want me to do: >> >> o- Turn off the firewall - disable all of the profiles (Domain, Public >> and Private), then turn off and disable the service. >> o- Turn off the Base Filtering Engine (disable the service) >> o- Set DEP for essential Windows programs and services only >> o- Turn off UAC >> o- Do not apply patches released past a certain date, stating >> "When releasing a new build, ShoreTel publishes build notes >> listing the Microsoft >> patches that are certified against the build. ShoreTel also >> highlights software >> changes required by the Microsoft patches. Note that no >> additional Microsoft >> updates should be applied to your ShoreWare server between >> ShoreTel builds. If >> you install Microsoft updates between ShoreTel builds, they >> may have an adverse >> effect on your telephone system. >> Disable Microsoft updates until you review the detailed >> certification provided with >> each release." >> >> >> If you are running ShoreTel, have you run into this, and how do you >> protect your ShoreTel environment, other than firewalling the subnet >> that it's on? >> >> To me, this seems like egregiously broken software, requiring me to >> reduce the security of the server to near zero. >> >> Thoughts appreciated. >> >> Kurt >> >> >
