Hardening the IP Phone

This chapter covers the following topics:

  • Identifying potential threats against IP phones and the attack tool or method
  • Explaining how signed firmware images prevent rogue or incorrect images from being placed on the IP phone
  • Configuring parameters in the Phone Configuration window of Cisco CallManager Administration to harden the IP phone
  • Explaining how disabling the PC port, the Settings button, and web access help secure the IP phone
  • Explaining how, by ignoring gratuitous ARP, the IP phone can help prevent a man-in-the-middle attack
  • Explaining how blocking the PC from accessing the voice VLAN through the IP phone prevents eavesdropping on the voice conversation
  • Explaining how authentication and encryption on Cisco CallManager and the IP phones prevent identity theft of the phone or Cisco CallManager server, data tampering, and call-signaling and media-stream tampering

The IP phone is a target for attacks just like all other components of the network. Very often endpoints, such as IP phones, are not protected; only servers and network infrastructure devices are hardened. This is not a good practice because IP phones have default settings that make them vulnerable to certain attacks. However, several options are available to harden IP phones and, thus, protect them against various attack and infiltration methods. This chapter discusses these methods.

Part I: Cisco CallManager Fundamentals

Introduction to Cisco Unified Communications and Cisco Unified CallManager

Cisco Unified CallManager Clustering and Deployment Options

Cisco Unified CallManager Installation and Upgrades

Part II: IPT Devices and Users

Cisco IP Phones and Other User Devices

Configuring Cisco Unified CallManager to Support IP Phones

Cisco IP Telephony Users

Cisco Bulk Administration Tool

Part III: IPT Network Integration and Route Plan

Cisco Catalyst Switches

Configuring Cisco Gateways and Trunks

Cisco Unified CallManager Route Plan Basics

Cisco Unified CallManager Advanced Route Plans

Configuring Hunt Groups and Call Coverage

Implementing Telephony Call Restrictions and Control

Implementing Multiple-Site Deployments

Part IV: VoIP Features

Media Resources

Configuring User Features, Part 1

Configuring User Features, Part 2

Configuring Cisco Unified CallManager Attendant Console

Configuring Cisco IP Manager Assistant

Part V: IPT Security

Securing the Windows Operating System

Securing Cisco Unified CallManager Administration

Preventing Toll Fraud

Hardening the IP Phone

Understanding Cryptographic Fundamentals

Understanding the Public Key Infrastructure

Understanding Cisco IP Telephony Authentication and Encryption Fundamentals

Configuring Cisco IP Telephony Authentication and Encryption

Part VI: IP Video

Introducing IP Video Telephony

Configuring Cisco VT Advantage

Part VII: IPT Management

Introducing Database Tools and Cisco Unified CallManager Serviceability

Monitoring Performance

Configuring Alarms and Traces

Configuring CAR

Using Additional Management and Monitoring Tools

Part VIII: Appendix

Appendix A. Answers to Review Questions


Authorized Self-Study Guide Cisco IP Telephony (CIPT)
Cisco IP Telephony (CIPT) (Authorized Self-Study) (2nd Edition)
ISBN: 158705261X
EAN: 2147483647
Year: 2004
Pages: 329

Flylib.com © 2008-2020.
If you may any questions please contact us: flylib@qtcs.net