Tag Archives: eavesdropping

Best Practices for Deploying Secure Cisco IP Telephony Solutions

IP telephony is slowly but surely becoming part of the modern-day organization’s day-to-day operations. In fact, some organizations depend on it to the extent that their core business or processes are based on IP communications. Sadly, though, the security of the IP-based communications network, applications, and underlying infrastructure is usually not taken into consideration (or is ignored) when enterprises and businesses think of deploying unified communications.

Along the same lines, why should anyone think of securing an IP telephony network? The answer is simple, yet manifold:

  1. To protect the information flowing in IP communication channels from eavesdropping and reconnaissance attacks as well as from manipulation or injection attacks.
  2. To ensure that the investment in their on-premise or off-premise infrastructure pays off (ROI) and doesn’t end up in a rogue’s hands, where it could be used for malicious purposes.
  3. To lower Total Cost of Ownership (TCO) by leveraging IP communications to offset PSTN/Toll calls and reducing Moving, Addition, Configuration, and Deletion (MACD), while at the same time keeping conversations safe.
  4. To avoid the monetary and reputation loss that attacks on the telephony network may cause. Moreover, such attacks can directly or indirectly impact business continuity and clientage.

Today, many organizations depend on a number of IP telephony services such as voice calls, instant messaging, conferencing, and video conferencing. A typical IP telephony network can face several threats, such as toll fraud, reconnaissance attacks, eavesdropping, Denial of Service (DoS) attacks, and call hijacking. While most organizations do consider that their network needs protection from internal or external threats, such a notion is usually missing when it comes to their IP telephony applications and devices.

Read the full article at

For more insight into Cisco IP Telephony security, refer to the Cisco Press book Securing Cisco IP Telephony Networks.


Posted on April 8, 2013 in UC Security Posts



Interested in UCSEC (Implementing Cisco Unified Communications Security)?

Interested in Cisco’s new course on securing Cisco UC networks, better known as UCSEC or Implementing Cisco Unified Communications Security?

This course is conducted by various Cisco Learning Partners and focuses on the security of a Cisco UC network from an end-to-end point of view. This course is comprehensive and covers almost all major aspects of Cisco UC security. I haven’t taken the course myself (I should be teaching it 🙂); however, on first impression from the table of contents, the courseware will help you understand the topics covered during the ILT course.

However, to gain more insight and build on a real-world security model from the ground up, you need a guide and a reference which you can take with you into those grilling sessions with customers and use during design, implementation, consulting, maintenance, or the discovery milestones of the project.

You guessed it right! You need Securing Cisco IP Telephony Networks, which will guide you through the various stages of building, deploying, and maintaining a secure Cisco UC solution. This book is your true companion, guide, and reference for learning and implementing Cisco UC security.

So, if you are planning to take the UCSEC course, be sure to pick up your copy of Securing Cisco IP Telephony Networks and use it as a reference, as a text, as a guide, and as a companion.


Posted on March 16, 2013 in UC Security Posts



An Insight to Cisco Unified Communications Manager Certificates

Cisco Unified Communications Manager (CUCM) is the central piece of the Cisco Unified Communications / Collaboration solution. Many Collaboration services, such as voice, video, conferencing and so on, depend on CUCM. To provide secure CUCM access and various CUCM security features (as well as secure integration with other Cisco and third-party applications), Cisco has bundled a Certificate Authority (CA) and self-signed certificates with CUCM. CUCM comes with a built-in certificate authority and offers a plethora of certificates for various functions and features.

A very common notion is that certificates are used for security, which, by the way, is 100% correct! However, you may ask, where is security used? The simple answer is: everywhere! The following list of services and security functions offered by CUCM and endpoints gives good insight into where security is used in the Cisco UC paradigm:

  • Encrypted Device Registration
  • Encrypted Calls
  • Encrypted Phone Configuration Files
  • Secure H.323/SIP Trunks and Gateways
  • Secure Survivable Remote Site Telephony (SRST)
  • Security By Default (ITL, TVS)
  • Secure Conferencing
  • Secure LDAP
  • Secure Web Pages (Tomcat)
  • Single Sign-On (OpenAM)
  • Extension Mobility Cross Cluster (EMCC)
  • Secure Voicemail ports
  • VPN Phone

And so on. With that in mind, let’s understand the different types of certificates and the CUCM PKI model, which empowers you to design, deploy, and maintain a secure Cisco UC network and is central to the security construct of the Cisco UC solution.

To read further and explore CUCM PKI and certificates, refer to Chalk Talk: An Insight to Cisco Unified Communications Manager (CUCM) Certificates.

This Chalk Talk is part of the Cisco Technical Services Newsletter, February edition.

To learn more about Cisco UC solution security, Cisco UC PKI, and the end-to-end Cisco UC security construct, refer to Securing Cisco IP Telephony Networks.


Posted on February 23, 2013 in UC Security Posts

