Identifying potential threats against IP phones and the attack tool or method
Explaining how signed firmware images prevent rogue or incorrect images from being placed on the IP phone
Configuring parameters in the Phone Configuration window of Cisco CallManager Administration to harden the IP phone
Explaining how disabling the PC port, the Settings button, and web access help secure the IP phone
Explaining how, by ignoring gratuitous ARP, the IP phone can help prevent a man-in-the-middle attack
Explaining how blocking the PC from accessing the voice VLAN through the IP phone prevents eavesdropping on the voice conversation
Explaining how authentication and encryption on Cisco CallManager and the IP phones prevent identity theft of the phone or Cisco CallManager server, data tampering, and call-signaling and media-stream tampering
The IP phone is a target for attacks just like all other components of the network. Very often endpoints, such as IP phones, are not protected; only servers and network infrastructure devices are hardened. This is not a good practice because IP phones have default settings that make them vulnerable to certain attacks. However, several options are available to harden IP phones and, thus, protect them against various attack and infiltration methods. This chapter discusses these methods.