Here’s a video on how someone rogue can exploit the web server of an IP Phone / Soft Phone installed in your organization and get information about call processing server, TFTP, network information and so on.
CIPC / IP Phone Web Server Exploit – Revealing Ton of Information
To know about more attacks on the same lines and how you can defend your turf, read Cisco Press publication Securing Cisco IP Telephony Networks
Securing Cisco IP Telephony Networks provides an all-in-one reference to Cisco UC, IP Telephony and security professionals as well as decision makers. Here’s your chance to grab two free chapters offered by Cisco Press as sample content from the newly released book.
While Chapter 1 introduces you to the world of Cisco IP Telephony security as well as various threats, business challenges, and so on Chapter 4 gives an insight to a Security Framework around Cisco IP Telephony / Unified Communications which will enable you/your organization to successfully implement the right level of security for Cisco UC applications, underlying network, devices, and so on.
You can access the free content here:
Chapter 1 courtesy Cisco Press
Index and Chapter 4 courtesy Cisco Press
If you enjoyed the free sample chapters, you can buy the eBook or grab a paperback copy @
Amazon (Kindle edition, eBook)
For Indian Subcontinent/AsiaPac readers Infibeam (Paperback)
Securing Cisco IP Telephony Networks was recently reviewed by www.firewall.cx, the first and only approved official reviewer of Cisco Press books.
The book got a 100% review score and five stars!
Here’s an excerpt of the review:
The days of staring at a mess of wires under the desk coming out of a PSTN Master Socket are truly over. The advent of VoIP has broken the stranglehold of a telephone cable and the network has finally taken over. I would not say that IP Telephony has revolutionised the telephony sector. That momentous transition happened years ago. We currently are going through a phase where it is common to have IP Telephony integrated into any enterprise and network administrators are actively implementing security measures and policies to it. Network security is of paramount importance and IP Telephony is not to be left behind. The fact is that Cisco, the market leader in network technology, also happens to be leading the IP Telephony field. Hence it has rightly decided that establishing robust security architecture is core to Cisco IP Telephony.
The latest Cisco title addresses the aforementioned issue promptly and efficiently. Whenever a technology becomes efficient, scalable and portable and is seen as an improvement on the incumbent technology, it is deemed indispensable. From that moment it also becomes a point of failure that can cripple a business because it has now inherited security vulnerabilities and threats. The same can be said about Cisco IP Telephony. What this books aims to achieve is, and I quote, “to explain an End-to-End IP Telephony Security approach and architecture…” And I assure you, this title does plenty of justice to that aim. So let’s dig deeper into the way this book deals with the issues and how it tackles security policies, principles and their respective implementations.
Salient Features
In the introductory section of ‘Who should read this book?’, it is touted that “anyone who is interested in Cisco IP Telephony and network security” should be reading this book. Even though I would not wholly reject this point, I would prefer people reading this title have some form of experience in IP Telephony, especially Cisco products. Things become easier to comprehend. That should not mean that I am restricting the readership, it only means that this is not strictly a beginner’s guide on IP Telephony itself. However I would definitely put this book down as a reference and as a guide for IP Telephony security. The typical hallmarks of a Cisco publication are all present in this title. The entire book is neatly partitioned into 4 major sections. I will do my best to present these chapters. I don’t really have a hard job to do here, as the chapters speak for themselves.
Read the full review at Review of Securing Cisco IP Telephony Networks
Buy Securing Cisco IP Telephony Networks (Amazon) Paper back or eBook
It’s always meddling when those pesky questions around design or deployment of a UC network’s security are raised. More often than not one finds him/her (self) amid a flurry of queries.
Now, there’s a guide, a reference, and a companion to be with you always when there are queries around Cisco IP Telephony / UC security. You won’t be left alone when the discussion is around securing the UC applications or underlying network. Cisco Press publication ‘Securing Cisco IP Telephony Networks’ will be with you to address any and all queries pertinent to secure Cisco UC design approach or deployment strategy.
The book is available in paperback and eBook format:
Akhil's Cloud and Security Blog 