Hi, I am a little confused. Will enabling GARP on the phone increase security and prevent attacks, or will disabling it?
From the text below, which I copied from the link http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/srnd/4x/42scurty.html#wp1044160, it seems that enabling GARP will enable the phone to prevent attacks. But the CM phone help page on CM4.2 shows that disabling it is the right way to prevent attacks. Please clarify for me. Thanks.
Just like any other data device on the network, the phones are vulnerable to traditional data attacks. The phones have features to prevent some of the common data attacks that can occur on a corporate network. One such feature is Gratuitous ARP (Gratuitous Address Resolution Protocol, or GARP). This feature helps to prevent man-in-the-middle (MITM) attacks to the phone. A MITM attack involves an attacker who tricks an end station into believing that he is the router and tricks the router into believing that he is the end station. This scheme makes all the traffic between the router and the end station travel through the attacker, thus enabling the attacker to log all of the traffic or inject new traffic into the data conversation.
Gratuitous ARP helps protect the phones from having an attacker capture the signaling and RTP voice streams from the phone if the attacker was able to get onto the voice segment of the network. This feature protects only the phones; it does not protect the rest of the infrastructure from a Gratuitous ARP attack. This feature is of less importance if you are running a Cisco infrastructure because the switch port provides features that protect both the phones and the network gear. For a description of these switch port features see the section on Switch Port.
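The behaviour the quoted passage describes, modelled as an added example that is not part of the original post or of Cisco's documentation: a host ARP cache that either accepts or ignores gratuitous ARP, with a log entry whenever a known IP-to-MAC binding is contradicted. The `ArpCache` class, the helper names and the frames (documentation IP and MAC ranges) are constructed for illustration, and the model does not assume which value of the phone's setting corresponds to which behaviour.

```python
import socket
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # 28-byte ARP body for Ethernet + IPv4 (RFC 826)

def build_arp(op, sha, spa, tha, tpa):
    """Pack a constructed ARP body in memory (op 1 = request, 2 = reply)."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op,
                       raw(sha), socket.inet_aton(spa),
                       raw(tha), socket.inet_aton(tpa))

def parse_arp(body):
    if len(body) < 28:
        raise ValueError("truncated ARP body")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, body[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return {"op": op, "sha": sha.hex(":"),
            "spa": socket.inet_ntoa(spa), "tpa": socket.inet_ntoa(tpa)}

def is_gratuitous(arp):
    # A gratuitous ARP announces the sender's own address: sender IP == target IP.
    return arp["spa"] == arp["tpa"]

class ArpCache:
    def __init__(self, accept_gratuitous):
        self.accept_gratuitous = accept_gratuitous
        self.table = {}    # ip -> mac
        self.alerts = []   # (ip, known mac, claimed mac)

    def receive(self, body):
        arp = parse_arp(body)
        ip, claimed = arp["spa"], arp["sha"]
        known = self.table.get(ip)
        if known and known != claimed:
            self.alerts.append((ip, known, claimed))  # contradicted binding: log it
        if is_gratuitous(arp) and not self.accept_gratuitous:
            return "ignored"
        self.table[ip] = claimed
        return "learned"

# Constructed sample traffic: a normal reply from the router, then a gratuitous
# ARP in which a different MAC claims the router's IP.
GW_IP, PHONE_IP = "192.0.2.1", "192.0.2.50"
GW_MAC, PHONE_MAC, OTHER_MAC = "00:00:5e:00:53:01", "00:00:5e:00:53:50", "00:00:5e:00:53:66"
REPLY = build_arp(2, GW_MAC, GW_IP, PHONE_MAC, PHONE_IP)
GARP = build_arp(2, OTHER_MAC, GW_IP, "ff:ff:ff:ff:ff:ff", GW_IP)

def gateway_mac_after(accept_gratuitous):
    cache = ArpCache(accept_gratuitous)
    cache.receive(REPLY)
    cache.receive(GARP)
    return cache.table[GW_IP], cache.alerts
```

A cache that accepts gratuitous ARP ends up with the router's IP bound to the second MAC; one that ignores it keeps the original binding, and in both cases the contradiction is recorded in `alerts`.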