![]() With restricted access, the user can modify the contrast and ringer settings but cannot access other settings. CUCM Release 4.1 and later releases offer a restricted option for settings access. The network settings share information about the network that an attacker can leverage to launch attacks. Settings Accessĭisabling access to settings prevents anyone with physical access to the phone from gathering information about network settings (DHCP server, TFTP server, default router, and CUCM IP addresses). This practice is not common otherwise, however, because it entails a major functionality constraint. The PC port should be disabled in special areas such as a lobby or areas where no additional PC access is allowed. ■ Web Access: Disable access to the IP phone from a web browser to avoid the risk that details about the network infrastructure could be exposed.įigure 9-31 displays the device-level security configuration options.įigure 9-31 IP Phone Security Configuration ■ PC Voice VLAN Access: Disable this feature to stop the IP phone from forwarding voice VLAN traffic to the PC. ■ Gratuitous ARP: Disable this feature to prevent GARP-based man-in-the-middle attacks. ■ Settings Access: Disable or restrict access to the IP phone settings to avoid the risk that details about the network infrastructure could be exposed. ■ PC Port: Disable the PC port to prevent a PC from connecting to the corporate network via the IP phone's PC port. ■ Disable Speakerphone and Disable Speakerphone and Headset: Disable these features to prevent eavesdropping on conversations in the office by an attacker gaining remote control of the IP phone and listening to the sound near it. ![]() To secure Cisco IP Phones, you can modify these settings: The product-specific configuration parameters of Cisco IP Phones are set by default to achieve the greatest functionality but are not considered secure. There are several options available to harden IP phones and thus protect them against various attacks and infiltration methods. IP phones have default settings that make them vulnerable to attacks. IP phone endpoints should be protected in a similar manner to servers in the environment. ![]() The IP phone is a target for attacks, just like all other components of the network. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |