Cisco CallManager (CCM) is the software-based call-processing component of the Cisco IP telephony solution which extends enterprise telephony features and functions to packet telephony network devices such as IP phones, media processing devices, voice-over-IP (VoIP) gateways, and multimedia applications. Cisco CallManager 3.3 and earlier, 4.0, and 4.1 are vulnerable to Denial of Service (DoS) attacks, memory leaks, and memory corruption which may result in services being interrupted, servers rebooting, or arbitrary code being executed. Cisco has made free software available to address these vulnerabilities.
Cisco Security Advisory: Cisco CallManager Memory Handling Vulnerabilities, July 2005, http://www.cisco.com/warp/public/707/cisco-sa-20050712-ccm.shtml
From home Linksys VoIP-enabled routers all the way to enterprise CallManager clustered deployments, Cisco's Architecture for Voice, Video, and Integrated Data (AVVID) portfolio includes a wide range of software, hardware, and applications to cater to almost any VoIP market. In deciding what Cisco products to concentrate on in this chapter, we wanted to remain focused on the enterprise. Even narrowing down to general enterprise deployments, we were still left with many options. Our test deployment described in the following sections is fairly general and includes attacks and countermeasures that are relevant to other Cisco VoIP product lines and versions.
The layout of this chapter follows the previous material in the book, revisiting many of the attacks we've already defined but presenting them in a Cisco-specific environment. Correspondingly, the countermeasures here are specific to a Cisco environment in order to provide more focused recommendations. All of the general countermeasures previously covered for each attack still apply; however, we chose to include only those countermeasures that significantly augment those recommendations with Cisco-specific guidelines.
We would like to thank and acknowledge the help of Troy Sherman from Cisco's Security Group for his assistance and feedback on this chapter.
Cisco Systems takes a comprehensive systems approach to security for Unified Communications. Products and technologies from Cisco provide security at all levels of a Unified Communications System: the Infrastructure, Call Management, Endpoints, and Applications. For a system to be considered secure, the security issues for each of these levels must be addressed, and they must be addressed in a systemic manner with all the different components designed to work together. Cisco security for Unified Communications takes advantage of security functions inherent in Cisco voice, networking, and security products and technologies at all levels of a Unified Communications system to ensure safe, reliable communications.
Unified Communications security must work in concert with security measures taken for an organization's entire network. Cisco's approach builds on the Self-Defending Network strategy of a network designed to adapt to new threats as they arise.