Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1308
Views
0
Helpful
5
Replies

Identity spoofing when using VTGO softphone

Driss BENATTOU
Level 4
Level 4

‎11-19-2012 04:55 PM - edited ‎03-16-2019 02:16 PM

Hi,

I want to mitigate to identity spoofing when someone uses softphone with the same MAC Address of hard phone. what's the simple security method to block this attack.

Regards

Driss

Labels:
0 Helpful
5 Replies 5

Jonathan Schulenberg
Hall of Fame
Hall of Fame

‎12-01-2012 05:23 AM

If you're using a third-party SIP softphone you could define a SIP DIGEST User on the device, set a DIGEST password on that End User, and require Digest Authentication on the Phone Security Profile. William Bell wrote up a great blog on this topic.

With Cisco phones, SIP or SCCP, you would need to enable mixed mode and give the legitimate phone a LSC to present during registration and ongoing signaling operations. This is documented in Security Guide.

Please remember to rate helpful responses and identify helpful or correct answers.

0 Helpful

Akhil Behl
Level 1
Level 1

‎12-01-2012 11:31 AM

Hi Driss,

There're a number of ways you can stop identity spoofing aka MAC / SIP spoofing in a soft phone.

1. Hardocde the device name in CUCM to something other than MAC address which someone can spoof and ensure that the end point also registers with same

2. In windows you can disable registry keys such that the end user is unable to modify the settings for the soft phone. For detailed instructions you can refer to chapter 15 of Securing Cisco IP Telephony Networks

http://www.ciscopress.com/store/securing-cisco-ip-telephony-networks-9781587142956

3. You can leverage CAPF certificates such that one MAC / identity gets only 1 certificate and cannot register without it. While with VTGO this may have limited functionality, this is usefaul in case of IP Communicator, CUPC etc.

4. You can leverage SIP authentication for third party phones. This is also covered in aforementioned book.

All in all there're various attacks which can be launched against an endpoint and various ways in which these can be mitigated. Refer to Secruing Cisco IP Telephony Networks to read about an end-to-end security construct and deploy it for your environment as per risk, cost, manpower, and other aspects.


Akhil Behl
Solutions Architect
akbehl@cisco.com

Author of “Securing Cisco IP Telephony Networks”
http://www.ciscopress.com/title/1587142953

Akhil Behl Solutions Architect akbehl@cisco.com Author of “Securing Cisco IP Telephony Networks” http://www.ciscopress.com/title/1587142953
0 Helpful

Driss BENATTOU
Level 4
Level 4
In response to Akhil Behl

‎12-26-2012 03:34 AM

Hi Akhil,

Can you please advise on how to hardcode device name to something other than MAC address ?

Regards

Driss

0 Helpful

Akhil Behl
Level 1
Level 1
In response to Driss BENATTOU

‎12-26-2012 05:04 AM

This method is specific to Cisco IP Communicator. You can add CIPC in CUCM by username or anything you like. This is shown in attached image.

As VTGO emulates physical endpoints, you cannot use this mechanism with it.

Please read Chapter 15 of Securing Cisco IP Telephony Networks to see how ytou can safeguard endpoints from attacks. Also, Chapters 6, 7, 8, 9 depict various network and application layer security specifics for UC endpoints.

http://www.amazon.com/Securing-Telephony-Networks-Networking-Technology/dp/1587142953

Akhil Behl
Solutions Architect
akbehl@cisco.com

Author of “Securing Cisco IP Telephony Networks”
http://www.ciscopress.com/title/1587142953

Akhil Behl Solutions Architect akbehl@cisco.com Author of “Securing Cisco IP Telephony Networks” http://www.ciscopress.com/title/1587142953
0 Helpful

Driss BENATTOU
Level 4
Level 4
In response to Akhil Behl

‎12-26-2012 06:09 AM

Hi,

Thank you for your answer.

Ok, I knew this method. I have a doubt that is applicable for another type of phones.

Regards

Driss

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents