This document covers the configuration procedure to implement endpoint hardening for securing Cisco Unified Communications Manager devices against various forms of attacks and vulnerabilities. Deploying a VoIP infrastructure introduces a new set of challenges and Securing Unified Communications allows the phones to communicate over the secure real time protocol and prevent access from allowing unsecured devices.
Implementing endpoint hardening on CUCM
Endpoint hardening can provide greater protection from various forms of attacks.
To harden an endpoint from various forms of attacks and vulnerabilities, perform the following:
1. Navigate to the endpoint to be hardened on the Cisco Unified Communications Administration page: Device --> Phone
2. Under the Product Specific Configuration Layout section, enable or disable the following fields as required:
Based on your requirement you can disable the fields which are not required. Those that are not required can be disabled as part of endpoint hardening.
PC Port - Disabled
This prevents the users from connecting a computer to the network by way of this port, useful for disabling the phones connected in lobby/reception area.
Settings Access - Disabled
Disabling access to the settings menu prevents a user from gathering information about the networking, including relevant IP addresses and VLAN information
Gratuitous ARP - Disabled
PC Voice VLAN Access – Disabled
Disabling the PC Port VLAN access, prevent users connected to the phone from sniffing voice traffic. This feature can be useful for administrators when troubleshooting, but in general should be disabled and enabled on an as-needed basis.
Video capabilities – Disable
Auto Line select - Disabled
Web Access - Disabled
3. Click --> Save.
4. Click --> Reset.
5. Repeat these steps for each endpoint that requires hardening.
By doing this we can increase the security of our setup and prevent our phones from attacks such as Gratuitous ARP poisoning.
Does anyone have experience with the UCCX Script Editor "Name to User" step? Documentation states it looks up the directory for the user. Which directory is this, CUCM? Does it integrate through RMCM user? Thanks in advance.
I was asked to run a report for Missed Calls for a certain extension. The only way I could figure out how to do this is run a report on all incoming calls and filter them for calls that are zero seconds in length. Does anyone know of a better way or a bes...
I currently have a hunt group setup and if no one is available the user has an option to leave a message in a "shared general" mailbox or leave a message for an individual user. I have an alternate extension setup on each users phone so that they can see ...
Hi All, I’m trying to modify Video connection info in 200 ok from Cisco gateway to IPBE. Cisco Gateway is keeping IPv6 address in Video connection info in 200 ok but to replicate the issue gateway should send IPv4 address in Video connect...
Hello All,Hope you all are safe.I have a quick to question and need clarification.My IM&P running version 188.8.131.5200-32 and intergrated with MS Exchange 2016 and everything is working fine.I was informed by my exchange team that they are going to up...