OSBiz MR5 FR1 (V2 R5.1.0_019) is vandaag officieel in GA vrijgegeven. Buiten een aantal opgelost issues is er ook enorm veel geïnvesteerd in security. Hieronder vind je een beschrijving van de punten, die betrekking hebben tot security, waarvoor aanpassingen opgenomen zijn in de software. Deze vind je ook in Hoofdstuk 6 van de release notes. Lees ze aandachtig voor je een systeem upgrade.
Within SW version V2R5.1, the following security relevant issues are addressed:
Disclosure of passwords for OpenScape Business root and database access
The changes in V2R5.1 affect OpenScape Business X, S and UC Booster systems and prevent unauthorized access to the systems. Operation and serviceability of the system is not affected by this change.
Note: The following applies for OpenScape Business systems in a network only: The “Default SQL password” has to be activated in every system in the network before the SW update to V2R5.1 is applied. After SW update of all systems a new SQL password has to be generated in each system to secure the network. (Administration Portal (WBM) Expert mode ==> Telephony Server ==> SQL Security).
Blocked database access
Access to the OpenScape Business database is blocked for any clients in the LAN. Connections via the Remote Service Link Platform (RSP) to database are still possible e.g. for specific problem diagnosis.
Disabled SSH access
The port 22 used for SSH is disabled in OpenScape Business systems by factory default but it could be opened manually by the system administrator. An open port 22 of OpenScape Business X will be closed permanently by upgrading to SW version V2R5.1 and cannot be enabled again afterwards. Remote Service Link Platform (RSP) sessions and terminal connection to the system via USB for diagnostic purpose are still possible.
Note: Port 22 has to be closed manually in OpenScape Business S using the Administration Portal (WBM) before upgrade to V2R5.1 or SLES YAST after upgrade.
Reduced developer functions in the Administration Portal (WBM)
The developer tools within the section platform and application diagnostic of the administration portal (WBM) have been reduced to the required tools for normal operation.
All service related maintenance functions, such as log- and trace functions are still available in the
Administration Portal (WBM).
Secured UC Suite client connections
Access of All UC Suite clients to the system is hardened. This improvement is available from V2R5.1 on. Older UC clients will not work any longer with V2R5.1 for security reasons. All UC Suite clients have to be updated. The update is done automatically by the OpenScape Business Update Service after system SW version has been updated to V2R5.1.
Note: The message “No connection to UC Suite Server” is displayed until the UC Suite client SW has been updated.
- Use always VPN to connect UC Suite clients via the Internet to OpenScape Business.
- Do not open the ports 22 and 5432 within the Internet Router / firewall for access to OpenScape Business X, S and UC Booster from the Internet.
- Apply OpenScape Business Security checklist to harden OpenScape Business systems in general.
- Update Linux from SP3 to SP4
Due to security reasons with OpenScape Business V2R5 for OpenScape Business S/Booster Server Operating System with SLES 11 SP3 is no longer supported. Please install SLES 11 SP4 and then upgrade on V2R5.
Please note that Unify may not take responsibility for resulting losses in case these advisories have been disregarded or improperly or untimely implemented.