Securing Cisco IP Telephony Networks

The real-world guide to securing Cisco-based IP telephony applications, devices, and networks


Cisco IP telephony leverages converged networks to dramatically reduce TCO and improve ROI. However, its critical importance to business communications and deep integration with enterprise IP networks make it susceptible to attacks that legacy telecom systems did not face. Now, there’s a comprehensive guide to securing the IP telephony components that ride atop data network infrastructures–and thereby providing IP telephony services that are safer, more resilient, more stable, and more scalable.


Securing Cisco IP Telephony Networks provides comprehensive, up-to-date details for securing Cisco IP telephony equipment, underlying infrastructure, and telephony applications. Drawing on ten years of experience, senior network consultant Akhil Behl offers a complete security framework for use in any Cisco IP telephony environment. You’ll find best practices and detailed configuration examples for securing Cisco Unified Communications Manager (CUCM), Cisco Unity/Unity Connection, Cisco Unified Presence, Cisco Voice Gateways, Cisco IP Telephony Endpoints, and many other Cisco IP Telephony applications. The book showcases easy-to-follow Cisco IP Telephony applications and network security-centric examples in every chapter.


This guide is invaluable to every technical professional and IT decision-maker concerned with securing Cisco IP telephony networks, including network engineers, administrators, architects, managers, security analysts, IT directors, and consultants.

  • Recognize vulnerabilities caused by IP network integration, as well as VoIP’s unique security requirements
  • Discover how hackers target IP telephony networks and proactively protect against each facet of their attacks
  • Implement a flexible, proven methodology for end-to-end Cisco IP Telephony security
  • Use a layered (defense-in-depth) approach that builds on underlying network security design
  • Secure CUCM, Cisco Unity/Unity Connection, CUPS, CUCM Express, and Cisco Unity Express platforms against internal and external threats
  • Establish physical security, Layer 2 and Layer 3 security, and Cisco ASA-based perimeter security
  • Complete coverage of Cisco IP Telephony encryption and authentication fundamentals
  • Configure Cisco IOS Voice Gateways to help prevent toll fraud and deter attacks
  • Secure Cisco Voice Gatekeepers and Cisco Unified Border Element (CUBE) against rogue endpoints and other attack vectors
  • Secure Cisco IP telephony endpoints–Cisco Unified IP Phones (wired, wireless, and soft phone) from malicious insiders and external threats

This IP communications book is part of the Cisco Press® Networking Technology Series. IP communications titles from Cisco Press help networking professionals understand voice and IP telephony technologies, plan and design converged networks, and implement network solutions for increased productivity.

 

1109153076
Securing Cisco IP Telephony Networks

The real-world guide to securing Cisco-based IP telephony applications, devices, and networks


Cisco IP telephony leverages converged networks to dramatically reduce TCO and improve ROI. However, its critical importance to business communications and deep integration with enterprise IP networks make it susceptible to attacks that legacy telecom systems did not face. Now, there’s a comprehensive guide to securing the IP telephony components that ride atop data network infrastructures–and thereby providing IP telephony services that are safer, more resilient, more stable, and more scalable.


Securing Cisco IP Telephony Networks provides comprehensive, up-to-date details for securing Cisco IP telephony equipment, underlying infrastructure, and telephony applications. Drawing on ten years of experience, senior network consultant Akhil Behl offers a complete security framework for use in any Cisco IP telephony environment. You’ll find best practices and detailed configuration examples for securing Cisco Unified Communications Manager (CUCM), Cisco Unity/Unity Connection, Cisco Unified Presence, Cisco Voice Gateways, Cisco IP Telephony Endpoints, and many other Cisco IP Telephony applications. The book showcases easy-to-follow Cisco IP Telephony applications and network security-centric examples in every chapter.


This guide is invaluable to every technical professional and IT decision-maker concerned with securing Cisco IP telephony networks, including network engineers, administrators, architects, managers, security analysts, IT directors, and consultants.

  • Recognize vulnerabilities caused by IP network integration, as well as VoIP’s unique security requirements
  • Discover how hackers target IP telephony networks and proactively protect against each facet of their attacks
  • Implement a flexible, proven methodology for end-to-end Cisco IP Telephony security
  • Use a layered (defense-in-depth) approach that builds on underlying network security design
  • Secure CUCM, Cisco Unity/Unity Connection, CUPS, CUCM Express, and Cisco Unity Express platforms against internal and external threats
  • Establish physical security, Layer 2 and Layer 3 security, and Cisco ASA-based perimeter security
  • Complete coverage of Cisco IP Telephony encryption and authentication fundamentals
  • Configure Cisco IOS Voice Gateways to help prevent toll fraud and deter attacks
  • Secure Cisco Voice Gatekeepers and Cisco Unified Border Element (CUBE) against rogue endpoints and other attack vectors
  • Secure Cisco IP telephony endpoints–Cisco Unified IP Phones (wired, wireless, and soft phone) from malicious insiders and external threats

This IP communications book is part of the Cisco Press® Networking Technology Series. IP communications titles from Cisco Press help networking professionals understand voice and IP telephony technologies, plan and design converged networks, and implement network solutions for increased productivity.

 

55.49 In Stock
Securing Cisco IP Telephony Networks

Securing Cisco IP Telephony Networks

by Akhil Behl
Securing Cisco IP Telephony Networks

Securing Cisco IP Telephony Networks

by Akhil Behl

eBook

$55.49  $58.99 Save 6% Current price is $55.49, Original price is $58.99. You Save 6%.

Available on Compatible NOOK devices, the free NOOK App and in My Digital Library.
WANT A NOOK?  Explore Now

Related collections and offers


Overview

The real-world guide to securing Cisco-based IP telephony applications, devices, and networks


Cisco IP telephony leverages converged networks to dramatically reduce TCO and improve ROI. However, its critical importance to business communications and deep integration with enterprise IP networks make it susceptible to attacks that legacy telecom systems did not face. Now, there’s a comprehensive guide to securing the IP telephony components that ride atop data network infrastructures–and thereby providing IP telephony services that are safer, more resilient, more stable, and more scalable.


Securing Cisco IP Telephony Networks provides comprehensive, up-to-date details for securing Cisco IP telephony equipment, underlying infrastructure, and telephony applications. Drawing on ten years of experience, senior network consultant Akhil Behl offers a complete security framework for use in any Cisco IP telephony environment. You’ll find best practices and detailed configuration examples for securing Cisco Unified Communications Manager (CUCM), Cisco Unity/Unity Connection, Cisco Unified Presence, Cisco Voice Gateways, Cisco IP Telephony Endpoints, and many other Cisco IP Telephony applications. The book showcases easy-to-follow Cisco IP Telephony applications and network security-centric examples in every chapter.


This guide is invaluable to every technical professional and IT decision-maker concerned with securing Cisco IP telephony networks, including network engineers, administrators, architects, managers, security analysts, IT directors, and consultants.

  • Recognize vulnerabilities caused by IP network integration, as well as VoIP’s unique security requirements
  • Discover how hackers target IP telephony networks and proactively protect against each facet of their attacks
  • Implement a flexible, proven methodology for end-to-end Cisco IP Telephony security
  • Use a layered (defense-in-depth) approach that builds on underlying network security design
  • Secure CUCM, Cisco Unity/Unity Connection, CUPS, CUCM Express, and Cisco Unity Express platforms against internal and external threats
  • Establish physical security, Layer 2 and Layer 3 security, and Cisco ASA-based perimeter security
  • Complete coverage of Cisco IP Telephony encryption and authentication fundamentals
  • Configure Cisco IOS Voice Gateways to help prevent toll fraud and deter attacks
  • Secure Cisco Voice Gatekeepers and Cisco Unified Border Element (CUBE) against rogue endpoints and other attack vectors
  • Secure Cisco IP telephony endpoints–Cisco Unified IP Phones (wired, wireless, and soft phone) from malicious insiders and external threats

This IP communications book is part of the Cisco Press® Networking Technology Series. IP communications titles from Cisco Press help networking professionals understand voice and IP telephony technologies, plan and design converged networks, and implement network solutions for increased productivity.

 


Product Details

ISBN-13: 9780132731065
Publisher: Pearson Education
Publication date: 08/31/2012
Series: Networking Technology: IP Communications
Sold by: Barnes & Noble
Format: eBook
Pages: 696
File size: 53 MB
Note: This product may take a few minutes to download.

About the Author

Akhil Behl , CCIE No. 19564, is a Senior Network Consultant in Cisco Services, focusing

on Cisco Collaboration and Security Architectures. He leads collaboration and security

projects worldwide for Cisco Services and the Collaborative Professional Services (CPS)

portfolio for the commercial segment. Prior to his current role, he spent ten years working

in various roles at Linksys as a Technical Support Lead, as an Escalation Engineer at

Cisco Technical Assistance Center (TAC), and as a Network Consulting Engineer in Cisco

Advanced Services.

 

Akhil has a bachelor of technology degree in electronics and telecommunications from

IP University, India, and a master’s degree in business administration from Symbiosis

Institute, India. He is a dual Cisco Certified Internetwork Expert (CCIE) in Voice and

Security. He also holds many other industry certifications, such as Project Management

Professional (PMP), Information Technology Infrastructure Library (ITIL) professional,

VMware Certified Professional (VCP), and Microsoft Certified Professional (MCP).

Over the course of his career, he has presented and contributed in various industry

forums such as Interop, Enterprise Connect, Cloud Connect, Cloud Summit, Computer

Society of India (CSI), Cisco Networkers, and Cisco SecCon. He also has several research

papers published to his credit in various international journals.

Table of Contents

Introduction xxiii

 

Part I Introduction to Cisco IP Telephony Security 3

 

Chapter 1 What Is IP Telephony Security and Why Do You Need It? 3

Defining IP Telephony Security 4

    What Is IP Telephony? 4

    What Is IP Telephony Security? 4

    What Is the Rationale Behind Securing an IP Telephony Network? 6

    What Can You Do to Safeguard Your IP Telephony Network? 7

IP Telephony Security Threats 8

    How Do Hackers Attack an IP Telephony Network? 8

        Foot Printing 9

        Scanning 9

        Enumeration 9

        Exploit 9

        Covering Tracks 10

    What Are IP Telephony Security Threats and Countermeasures? 10

    Threats 11

    Countermeasures 12

An Insight to VoIP Security Tools 12

    IP Telephony Security/Penetration Tools 13

        Sniffing Tools 13

        Scanning and Enumeration Tools 14

        Flooding/DoS Tools 14

        Signaling and Media-Manipulation Tools 15

Business Challenges and Cisco IP Telephony Security Responses 15

    Common Business Challenges Associated with IP Telephony Security 15

    Cisco IP Telephony Security Responses 16

Summary 17

 

Chapter 2 Cisco IP Telephony Security Building Blocks 19

Introduction to IP Telephony Security Methodology 19

    Understanding the IP Telephony Security Methodology 19

    Demystifying IP Telephony Security Methodology 21

IP Telephony Security Architecture 22

Exploring IP Telephony Security Methodology and Defining Security Architecture 24

    IP Telephony Security Assessment and Security Policy Development 24

    IP Telephony Network Security Implementation 26

        Physical Security 28

        Layer 2 Security 29

        Layer 3 Security 29

        Perimeter Security 30

    IP Telephony Application Security Implementation 31

Defining the IP Telephony Network Components That Should Be Secured 32

    IP Telephony Network Elements That Should Be Secured 32

Summary 34

 

Chapter 3 What Can You Secure and How Can You Secure It? 35

Layered Security Approach for IP Telephony Security 35

    IP Telephony Layered Security Approach 36

        Case Study 36

    Enabling IP Telephony Security: Layer upon Layer 37

Cisco IP Telephony Security Controls 40

    Discovering IP Telephony Security Controls 40

    Cisco IP Telephony Security Controls 41

        Cisco IP Telephony Network Security Controls 41

        Cisco IP Telephony Device Security Controls 43

        Cisco IP Telephony Application Security Controls 45

        Cisco IP Telephony Endpoint Security Controls 48

Cisco IP Telephony Security Overview 50

    Discovering End-to-End IP Telephony Security 50

    Understanding Each IP Telephony Component and its Relative Security Control 52

        XYZ Headquarters (Main Data Center) 52

        IP Telephony Data Center Security Insight 54

        IP Telephony Remote Data Center Security Insight 54

        IP Telephony Remote Site Security Insight 56

        Telecommuter Solution Security Insight 56

Summary 57

 

Chapter 4 Cisco IP Telephony Security Framework 59

Cisco IP Telephony Security Life Cycle 60

    Enabling IP Telephony Security 61

        Security and Risk Assessment 61

        IP Telephony Security Policy Development and Enforcement 62

        Planning and Designing 63

        IP Telephony Network and Application Security Deployment 63

        Operate and Manage 64

        Monitor 64

Developing an IP Telephony Security Policy 64

    Building an IP Telephony Security Policy/Strategy In line with Your Corporate Security Policy 64

    Risk Assessment 65

    Components of IP Telephony Security Policy 69

        IP Telephony Security Policy/Strategy 70

        Core IP Telephony Security Policies 72

    Physical Security of IP Telephony Equipment 74

    Physical Security Policy 75

    Local-Area Network Security Policy 76

    Wide-Area Network and Perimeter Security Policy 77

    IP Telephony Server Security Policy 78

    Voice Application Security Policy 79

    Endpoint Security Policy 79

    Conclusion 80

Evaluating Cost of Security–Cost Versus Risk 80

    Cost of Implementing IP Telephony Security 81

    Cost of a Security Breach 81

    How to Balance Between Cost and Risk 82

Determining the Level of Security for Your IP Telephony Network 84

    Case Study 84

        The Riddles Are Over 86

Putting Together All the Pieces 87

    IP Telephony Security Framework 87

Summary 92

 

Part II Cisco IP Telephony Network Security 93

 

Chapter 5 Cisco IP Telephony Physical Security 95

IP Telephony Physical Security 95

    What Is IP Telephony Physical Security All About? 96

Physical Security Issues 97

    Restricting Access to IP Telephony Facility 97

        Securing the IP Telephony Data Center Perimeter 98

        IP Telephony Data Center Internal Security 99

    Personnel Training 100

    Disaster Recovery and Survivability 100

Locking Down IP Telephony Equipment 101

Environmental Factors 102

Summary 103

 

Chapter 6 Cisco IP Telephony Layer 2 Security 105

Layer 2 Security Overview 105

    Cisco IP Telephony Layer 2 Topology Overview 106

    Why Bother with Layer 2 Security? 107

IP Telephony Layer 2 Security Issues and Mitigation 108

    VLAN Hopping Attack and Mitigation 109

        Attack Details 109

        Mitigation 111

    Spanning Tree Protocol (STP) Manipulation 112

        Attack Details 112

        Mitigation 112

    DHCP Spoofing 113

        Attack Details 113

        Mitigation 114

    ARP Spoofing 114

        Attack Details 115

        Mitigation 116

    MAC Address Spoofing Attack 116

        Attack Details 116

        Mitigation 117

    IP Spoofing Attack 119

        Attack Details 119

        Mitigation 120

    CAM Table Overflow and DHCP Starvation Attack 120

        Attack Details 121

        Mitigation 122

Dealing with Rogue Endpoints: 802.1x 123

    What Is 802.1x and How Does it Work? 123

    EAP Authentication Methods 125

    802.1x for IP Telephony 126

Layer 2 Security: Best Practices 131

Summary 133

 

Chapter 7 Cisco IP Telephony Layer 3 Security 135

Layer 3 Security Fundamentals: Securing Cisco IOS Routers 136

Cisco IOS Platform Security 136

Restricting Management Access 137

    Securing the Console Port 138

    Securing the Auxiliary Port 139

    Securing the VTY Ports 139

    Securing the HTTP Interface 140

Disabling Unnecessary IOS Services 142

    Small Services 142

    Finger Service 143

    BootP 143

    Cisco Discovery Protocol (CDP) 143

    Proxy ARP 145

    Directed Broadcast 146

    Source Routing 147

    Classless Routing 148

    Configuration Autoloading 148

    Securing TFTP 149

Securing Routing Protocols 150

    Routing Information Protocol v2 (RIPv2) 151

    Enhanced Interior Gateway Routing Protocol (EIGRP) 152

    Open Shortest Path First (OSPF) 152

    Border Gateway Protocol (BGP) 153

Securing Hot Standby Routing Protocol (HSRP) 153

Safeguarding Against ICMP Attacks 154

    ICMP Unreachables 154

    ICMP Mask Reply 154

    ICMP Redirects 154

    Constraining ICMP 155

Securing User Passwords 156

Controlling User Access and Privilege Levels 157

    Enabling Local Authentication and Authorization 157

    Enabling External Server-based Authentication, Authorization, and Accounting (AAA) 158

        Configuring Cisco TACACS+ Based Authentication 158

        Configuring Cisco TACACS+ Based Authorization 159

        Configuring Cisco TACACS+ Based Accounting 159

Antispoofing Measures 160

    RFC 2827 Filtering 161

    Unicast Reverse Packet Forwarding (uRPF) 162

Router Banner Messages 163

Securing Network Time Protocol (NTP) 164

Blocking Commonly Exploited Ports 165

Extending Enterprise Security Policy to Your Cisco Router 165

    Password Minimum Length 165

    Authentication Failure Rate 166

    Block Logins 166

    Disable Password Recovery 166

Layer 3 Traffic Protection–Encryption 168

Layer 3 Security–Best Practices 168

Summary 169

 

Chapter 8 Perimeter Security with Cisco Adaptive Security Appliance 171

IP Telephony Data Center’s Integral Element: Cisco Adaptive Security Appliance 172

    An Introduction to Cisco ASA Firewall 172

        Cisco ASA Firewall and OSI layers 174

    Cisco ASA Basics 175

        Cisco ASA: Stateful Firewall 175

        Cisco ASA Firewall: Interfaces 175

        Cisco ASA Firewall: Security Levels 177

        Cisco ASA: Firewall Modes 179

        Cisco ASA: Network Address Translation 180

        Cisco ASA: UTM Appliance 180

        Cisco ASA: IP Telephony Firewall 181

Securing IP Telephony Data Center with Cisco ASA 182

    Case Study: Perimeter Security with Cisco ASA 184

        Cisco ASA QoS Support 186

        Firewall Transiting for Endpoints 186

        Cisco ASA Firewall (ACL Port Usage) 188

    Introduction to Cisco ASA Proxy Features 201

Cisco ASA TLS Proxy 203

Cisco ASA Phone Proxy 212

Cisco VPN Phone 222

    Cisco VPN Phone Prerequisites 223

    Implementing VPN Phone 224

Remote Worker and Telecommuter Voice Security 227

Summary 231

 

Part III Cisco IP Telephony Application and Device Security 233

 

Chapter 9 Cisco Unified Communications Manager Security 235

Cisco Unified Communications Manager (CUCM) Platform Security 236

    CUCM Linux Platform Security 237

Certificate-Based Secure Signaling and Media: Certificate Authority Proxy Function 238

    Enabling CUCM Cluster Security: Mixed-Mode 240

Security by Default (SBD) 249

    TFTP Download Authentication 249

    TFTP Configuration File Encryption 250

    Trust Verification Service (Remote Certificate and Signature Verification) 251

Using External Certificate Authority (CA) with CAPF 253

Using External Certificate Authority (CA) with Cisco Tomcat 256

Enabling Secure LDAP (LDAPS) 258

    Enabling Secure LDAP Connection Between CUCM and Microsoft Active Directory 259

Securing IP Phone Conversation 261

    Securing Cisco IP Phones 262

    Identifying Encrypted and Authenticated Phone Calls 264

    Securing Third-Party SIP Phones 264

    Configuring Third-Party SIP Phone 267

Secure Tone 267

CUCM Trunk Security 271

    ICT and H.225 (Gatekeeper Controlled) Secure Trunks 271

    SIP Trunk Security 273

    Inter Cluster Trunk Security 275

    SME Trunk Security 275

Trusted Relay Point (TRP) 277

Preventing Toll Fraud 279

    Partitions and Calling Search Spaces 280

    Time of Day Routing 280

    Block Off-Net to Off-Net Transfers 281

    Conference Restrictions 281

    Calling Rights for Billing and Tracking 281

    Route Filters for Controlled Access 282

    Access Restriction for Protocols from User VRF 282

    Social Engineering 282

Securing CTI/JTAPI Connections 283

    JTAPI Client Config 285

Restricting Administrative Access (User Roles and Groups) 286

Fighting Spam Over Internet Telephony (SPIT) 288

CUCM Security Audit (Logs) 290

    Application Log 291

    Database Log 291

    Operating System Log 291

    Remote Support Accounting Log 292

        Enabling Audit Logs 292

        Collecting and Analyzing CUCM Audit Logs 294

    Analyzing Application Audit Logs 294

Single Sign-On (SSO) 295

    SSO Overview 296

    System Requirements for SSO 296

    Configuring OpenAM SSO Server 297

    Configuring Windows Desktop SSO Authentication Module Instance 300

    Configure J2EE Agent Profile on OpenSSO Server 301

    Configuring SSO on CUCM 303

    Configuring Client Machine Browsers for SSO 306

        Internet Explorer 306

        Mozilla Firefox 306

Summary 307

 

Chapter 10 Cisco Unity and Cisco Unity Connection Security 309

Cisco Unity/Unity Connection Platform Security 310

    Cisco Unity Windows Platform Security 311

        OS Upgrade and Patches 311

        Cisco Security Agent (CSA) 311

        Antivirus 312

        Server Hardening 312

    Cisco Unity Connection Linux Platform Security 313

Securing Cisco Unity/Unity Connection Web Services 313

    Securing Cisco Unity Web Services (SA, PCA, and Status Monitor) 313

    Securing Cisco Unity Connection Web Services (Web Administration, PCA, and IMAP) 317

Preventing Toll Fraud 317

Secure Voicemail Ports 318

    Cisco Unity: Secure Voicemail Ports with CUCM (SCCP) 319

    Cisco Unity: Authenticated Voicemail Ports with CUCM (SIP) 321

    Cisco Unity Connection: Secure Voicemail Ports with CUCM (SCCP) 323

    Cisco Unity Connection: Secure Voicemail Ports with CUCM (SIP) 324

Secure LDAP (LDAPS) for Cisco Unity Connection 327

Securing Cisco Unity/Unity Connection Accounts and Passwords 327

    Cisco Unity Account Policies 327

    Cisco Unity Authentication 329

    Cisco Unity Connection Account Polices 330

Cisco Unity/Unity Connection Class of Service 331

    Cisco Unity Class of Service (and Roles) 331

    Cisco Unity Connection Class of Service (and Roles) 331

Cisco Unity/Unity Connection Secure Messaging 332

Cisco Unity Secure Messaging 332

    Cisco Unity Connection Secure Messaging 334

    Cisco Unity/Unity Connection Security Audit (Logs) 335

Cisco Unity Security Audit 335

    Cisco Unity Connection Security Audit 337

Cisco Unity Connection Single Sign-On (SSO) 338

Summary 338

 

Chapter 11 Cisco Unified Presence Security 339

Securing Cisco Unified Presence Server Platform 339

    Application and OS Upgrades 340

    Cisco Security Agent (CSA) 340

    Server Hardening 340

Securing CUPS Integration with CUCM 341

Securing CUPS Integration with LDAP (LDAPS) 345

Securing Presence Federation (SIP and XMPP) 345

    CUPS SIP Federation Security 347

        Intra-Enterprise/Organization Presence SIP Federation 347

        Inter-Enterprise/Organization Presence SIP Federation 354

        CUPS XMPP Federation Security 364

Cisco Unified Personal Communicator Security 368

    Securing CUPC LDAP Connectivity 368

    Securing CUPC Connectivity with Cisco Unified Presence 370

    Securing CUPC Connectivity with CUCM 371

    Securing CUPC Connectivity with Voicemail (Cisco Unity/Unity Connection) 372

Summary 375

 

Chapter 12 Cisco Voice Gateway Security 377

Cisco Voice Gateway Platform Security 377

Preventing Toll Fraud on Cisco Voice Gateways 378

    Call Source Authentication 378

    Voice Gateway Toll Fraud Prevention by Default 379

    Class of Restriction (COR) 380

    Call Transfer and Forwarding 383

Securing Conference Resources 384

Securing Voice Conversations on Cisco Voice Gateways 390

    Configuring MGCP Support for SRTP 391

    Configuring H.323 Gateway to Support SRTP 394

    Configuring SIP Gateway to Support SRTP 396

Securing Survivable Remote Site Telephony (SRST) 399

Monitoring Cisco Voice Gateways 402

Summary 403

 

Chapter 13 Cisco Voice Gatekeeper and Cisco Unified Border Element Security 405

Physical and Logical Security of Cisco Gatekeeper and Cisco Unified Border Element 405

Gatekeeper Security–What Is It All About? 406

Securing Cisco Gatekeeper 406

    Restricted Subnet Registration 407

    Gatekeeper Accounting 407

    Gatekeeper Security Option 410

    Gatekeeper Intra-Domain Security 410

    Gatekeeper Inter-Domain Security 411

    Gatekeeper HSRP Security 413

Cisco Unified Border Element Security 414

    Filtering Traffic with Access Control List 416

    Signaling and Media Encryption 416

    Hostname Validation 417

    Firewalling CUBE 417

    CUBE Inherited SIP Security Features 418

Summary 420

 

Chapter 14 Cisco Unified Communications Manager Express and Cisco Unity

Express Security 421

Cisco Unified Communications Manager Express Platform Security 422

Preventing Toll Fraud on Cisco Unified Communications Manager Express 422

    After-Hours Calling Restrictions 422

    Call Transfer Restriction 423

    Call Forward Restriction 424

    Class of Restriction 425

Cisco Unified CME: AAA Command Accounting and Auditing 425

Cisco IOS Firewall for Cisco Unified CME 426

Cisco Unified CME: Securing GUI Access 426

Cisco Unified CME: Strict ephone Registration 427

Cisco Unified CME: Disable ephone Auto-Registration 428

Cisco Unified CME: Call Logging (CDR) 428

Cisco Unified CME: Securing Voice Traffic (TLS and SRTP) 429

Securing Cisco Unity Express Platform 435

Enabling AAA for Cisco Unity Express 437

Preventing Toll Fraud on Cisco Unity Express 438

Cisco Unity Express: Secure GUI Access 440

Summary 440

 

Chapter 15 Cisco IP Telephony Endpoint Security 441

Why Is Endpoint Security Important? 442

Cisco Unified IP Phone Security 443

    Wired IP Phone: Hardening 443

        Speakerphone 444

        PC Port 445

        Settings Access 445

        Gratuitous Address Resolution Protocol ARP (GARP) 445

        PC Voice VLAN Access 445

        Video Capabilities 446

        Web Access 446

        Span to PC Port 446

        Logging Display 447

        Peer Firmware Sharing 447

        Link Layer Discovery Protocol: Media Endpoint Discover (LLDP-MED) Switch Port 447

        Link Layer Discovery Protocol (LLDP) PC Port 447

    Configuring Unified IP Phone Hardening 447

    Wired IP Phone: Secure Network Admission 448

    Wired IP Phone: Voice Conversation Security 448

    Wired IP Phone: Secure TFTP Communication 449

Cisco Unified Wireless IP Phone Security 449

    Cisco Wireless LAN Controller (WLC) Security 450

    Cisco Wireless Unified IP Phone Security 454

    Hardening Cisco Wireless IP Phones 454

        Profile 455

        Admin Password 455

        FIPS Mode 456

    Securing a Cisco Wireless IP Phone 456

    Securing Cisco Wireless Endpoint Conversation 456

    Securing Cisco Wireless Endpoint Network Admission 457

        Using Third-Party Certificates for EAP-TLS 457

    Wireless IP Phone: Secure TFTP Communication 463

Securing Cisco IP Communicator 463

    Hardening the Cisco IP Communicator 464

    Encryption (Media and Signaling) 465

    Enable Extension Mobility for CIPC 466

    Lock Down MAC Address and Device Name Settings 467

    Network Access Control (NAC)-Based Secured Network Access 469

    VLAN Traversal for CIPC Voice Streams 469

Summary 470

 

Part IV Cisco IP Telephony Network Management Security 471

 

Chapter 16 Cisco IP Telephony: Network Management Security 473

Secure IP Telephony Network Management Design 473

    In-Band Network Management 474

        Securing In-Band Management Deployment 475

    Out-of-Band (OOB) Network Management 475

        Securing OOB Management Deployment 476

    Hybrid Network Management Design 477

        Securing a Hybrid Network Management Deployment 477

Securing Network Management Protocols 478

Secure Network Monitoring with SNMPv3 479

    Cisco IP Telephony Applications with SNMPv3 Support 480

    SNMP for Cisco IOS Routers and Switches 483

    SNMP Deployment Best Practices 485

Syslog 485

    Secure Syslog for IP Telephony Applications 486

    Configuring Syslog in Cisco Network Devices (Cisco IOS Devices and Cisco ASA) 488

        Cisco IOS Devices Syslog 488

        Cisco ASA Firewall Syslog 489

    Syslog Deployment Best Practices 490

Secure Shell (SSH) 491

    Configuring SSH on IOS Devices 492

    Enabling SSH Access on Cisco ASA 494

    SSH Deployment Best Practices 495

HTTP/HTTPS 495

    Enabling Cisco CP for Cisco IOS Routers 496

    Enabling Cisco ASA ASDM 498

    HTTPS Deployment Best Practices 500

Securing VNC Management Access 500

    VNC Deployment Best Practices 501

Securing Microsoft Remote Desktop Protocol 501

    Configuring IP Telephony Server for Accepting Secure RDP Connections 502

    Configuring RDP Client for Initiating Secure RDP Session 504

    RDP Deployment Best Practices 506

TFTP/SFTP/SCP 507

    TFTP/SFTP/SCP Deployment Best Practices 508

Managing Security Events 508

    The Problem 508

    The Solution 509

    Cisco Prime Unified Operations Manager (CUOM) 512

    Cisco Prime Unified Service Monitor (CUSM) 513

    Cisco Unified Service Statistics Manager (CUSSM) 514

    Cisco Prime Unified Provisioning Manager (CUPM) 515

Summary 515

 

Part V Cisco IP Telephony Security Essentials 517

 

Appendix A Cisco IP Telephony: Authentication and Encryption Essentials 519

 

Appendix B Cisco IP Telephony: Firewalling and Intrusion Prevention 551

 

Glossary 585

From the B&N Reads Blog

Customer Reviews