Cisco Systems OL-5109-01 User's Manual
Contents
1. mi Cisco IP Phone Authentication and Encryption for Cisco CallM anager 4 0 1 OL 5109 01 Chapter4 Phone Hardening Performing Phone Hardening Tasks Mil Step5 From the drop down list box for each parameter that you want to disable choose Disabled Step6 Click Update Related Topics Interactions and Restrictions page 1 4 Disabling the Gratuitous ARP Setting page 4 1 Disabling Web Access Setting page 4 2 Disabling the PC Voice VLAN Access Setting page 4 2 Disabling the Setting Access Setting page 4 3 Disabling the PC Port Setting page 4 3 Cisco IP Phone Authentication and Encryption for Cisco CallM anager 4 0 1 OL 5109 01 E Chapter4 Phone Hardening HI Performing Phone Hardening Tasks Cisco IP Phone Authentication and Encryption for Cisco CallM anager 4 0 1 ae E OL 5109 012. Cisco IP Phone Administration Guide for Cisco CallManager Disabling the PC Port Setting By default Cisco CallManager enables the PC port on all Cisco IP Phones that have a PC port If you choose to do so you can disable the PC Port setting in the Phone Configuration window of Cisco CallManager Administration Disabling the PC port proves useful for lobby or conference room phones OL 5109 01 Cisco IP Phone Authentication and Encryption for Cisco CallM anager 4 0 1 m Chapter4 Phone Hardening HI Performing Phone Hardening Tasks Related Topics Interactions and Restrictions page 1 4 Performing Phone Hardening Tasks page 4 4 Cisco IP Phone Administration Guide for Cisco CallManager Performing Phone Hardening Tasks A Caution Step 1 Step 2 Step 3 Step 4 The following procedure disables functionality for the phone Perform the following procedure Procedure In Cisco CallManager Administration choose Device gt Phone Specify the criteria to find the phone and click Find or click Find to display a list of all phones To open the Phone Configuration window for the device click the device name Locate the following product specific parameters PC Port Settings Access Gratuitous ARP PC Voice VLAN Access e Web Access p Tip To review information on these settings click the i button help that displays next to the parameters on the Phone Configuration window
3. CHAPTER Phone Hardening To tighten security on the phone you can perform tasks in the Phone Configuration window of Cisco CallManager Administration This chapter contains information on the following topics Disabling the Gratuitous ARP Setting page 4 1 Disabling Web Access Setting page 4 2 Disabling the PC Voice VLAN Access Setting page 4 2 Disabling the Setting Access Setting page 4 3 Disabling the PC Port Setting page 4 3 Performing Phone Hardening Tasks page 4 4 Disabling the Gratuitous ARP Setting By default Cisco IP Phones accept Gratuitous ARP or GARP packets GARPs which are used by devices announce the presence of the device on the network However attackers can use these packets to spoof a valid network device for example an attacker could send out a GARP that claims to be the default router If you choose to do so you can disable Gratuitous ARP in the Phone Configuration window of Cisco CallManager Administration Note Disabling GARP does not prevent the phone from identifying its default router OL 5109 01 Cisco IP Phone Authentication and Encryption for Cisco CallM anager 4 0 1 n Chapter4 Phone Hardening HI Disabling Web Access Setting Related Topics Interactions and Restrictions page 1 4 Performing Phone Hardening Tasks page 4 4 Cisco IP Phone Administration Guide for Cisco CallManager Disabling Web Access Setting Disabling the web server functionali
4. entication and Encryption for Cisco CallManager 4 0 1 ae Chapter 4 Phone Hardening Disabling the Setting Access Setting Ml Related Topics Interactions and Restrictions page 1 4 Performing Phone Hardening Tasks page 4 4 Cisco IP Phone Administration Guide for Cisco CallManager Disabling the Setting Access Setting By default pressing the Settings button on a Cisco IP Phone provides access to a variety of information including phone configuration information Disabling the Setting Access setting in the Phone Configuration window of Cisco CallManager Administration prohibits access to all options that normally display when you press the Settings button on the phone for example the Contrast Ring Type Network Configuration Model Information and Status settings The preceding settings do not display on the phone if you disable the setting in Cisco CallManager Administration If you disable this setting the phone user cannot save the settings that are associated with the Volume button for example the user cannot save the volume Disabling this setting automatically saves the current Contrast Ring Type Network Configuration Model Information Status and Volume settings that exist on the phone To change these phone settings you must enable the Setting Access Setting in Cisco CallManager Administration Related Topics Interactions and Restrictions page 1 4 Performing Phone Hardening Tasks page 4 4
5. ty for the phone blocks access to the phone internal web pages which provide statistics and configuration information Features such as Cisco Quality Report Tool do not function properly without access to the phone web pages Disabling the web server also affects any serviceability application such as CiscoWorks that relies on web access Note Phone users cannot access the Cisco User Option Pages if you disable this option To determine if the web services are disabled the phone parses a parameter in the configuration file that indicates whether the services are disabled or enabled If the web services are disabled the phone does not open the HTTP port 80 for monitoring purposes and blocks access to the phone internal web pages Related Topics Interactions and Restrictions page 1 4 e Performing Phone Hardening Tasks page 4 4 Cisco IP Phone Administration Guide for Cisco CallManager Disabling the PC Voice VLAN Access Setting By default Cisco IP phones forward all packets that are received on the switch port the one that faces the upstream switch to the PC port If you choose to disable the PC Voice VLAN Access setting in the Phone Configuration window of Cisco CallManager Administration packets received from the PC port that use voice VLAN functionality will drop This functionality allows a device that is attached to the PC port to use 802 1Q if available but not have access to the voice VLAN Cisco IP Phone Auth
Download Pdf Manuals
Related Search