This document covers the configuration procedure to implement endpoint hardening for securing Cisco Unified Communications Manager devices against various forms of attacks and vulnerabilities. Deploying a VoIP infrastructure introduces a new set of challenges and Securing Unified Communications allows the phones to communicate over the secure real time protocol and prevent access from allowing unsecured devices.
Implementing endpoint hardening on CUCM
Endpoint hardening can provide greater protection from various forms of attacks.
To harden an endpoint from various forms of attacks and vulnerabilities, perform the following:
1. Navigate to the endpoint to be hardened on the Cisco Unified Communications Administration page: Device --> Phone
2. Under the Product Specific Configuration Layout section, enable or disable the following fields as required:
Based on your requirement you can disable the fields which are not required. Those that are not required can be disabled as part of endpoint hardening.
PC Port - Disabled
This prevents the users from connecting a computer to the network by way of this port, useful for disabling the phones connected in lobby/reception area.
Settings Access - Disabled
Disabling access to the settings menu prevents a user from gathering information about the networking, including relevant IP addresses and VLAN information
Gratuitous ARP - Disabled
PC Voice VLAN Access – Disabled
Disabling the PC Port VLAN access, prevent users connected to the phone from sniffing voice traffic. This feature can be useful for administrators when troubleshooting, but in general should be disabled and enabled on an as-needed basis.
Video capabilities – Disable
Auto Line select - Disabled
Web Access - Disabled
3. Click --> Save.
4. Click --> Reset.
5. Repeat these steps for each endpoint that requires hardening.
By doing this we can increase the security of our setup and prevent our phones from attacks such as Gratuitous ARP poisoning.
Hello I have a client that would like to upgrade from Cisco TMS 15.2. to TMS 15.10 on the same server BE6K (M4), ¿Can I still using the license I received on TMS 15.2? or ¿ Do I need to buy a new license key? Thanks for your time
Hello All, I recently enabled tokenless mixed mode on my 11.5 SU7 cluster. 8865 endpoints get the CTL files and are able to make encrypted calls with no issue. While trying to register a TP endpoint in secure mode i realized that the endpoint was&nbs...
I have an old version of Cisco IMC (2.0(3d)) running on a UCS C220 M3.I've downloaded the HUU iso and extracted it and was looking for the zip file for the Cisco IMC, but cannot find any zip files. I followed the document here, but it contains no zip...
Hello Community!I have a question about Webex Events. If i schedule a event for my organisation, my name is shown for the scheduled event as the host. I would prefer the possibility that the name of my organisation is shown. :-) I know that ther...
Hello, I am trying to configure the forwarding of calls to my cell phone from CUCEM, I have several forwardings configured and they work perfectly, but they are permanently configured and what I want to do is that each user can activate and deactivat...