Eavesdropping on Cisco IP Phone Calls

Unanswered Question
Jun 8th, 2010

We have a network of Cisco LAN Switches & Unified Communication Solution.

Configuration of voice & Data VLANs on all switches


Is there any possibility for anyone connected to the network to use hacking tools to eavesdrop on calls between the Cisco IP Phones?

Do I need to implement any security features that prevent eavesdropping on the Cisco IP phones?


Regards


Mohamed

Paolo Bevilacqua Tue, 06/08/2010 - 14:36

Yes, it is possible.

However, fully securing a VoIP network takes a lot of effort and money in terms of configuration, testing and maintenance. Consequently you have to evaluate the pros and cons before deciding.

Mohamed Abdallah Tue, 06/08/2010 - 14:46

A notebook with a tool connected to the Data VLANs can eavesdrop on calls between Cisco IP Phones in the voice VLANs!!!

What tools can do this eavesdropping?

William Bell Tue, 06/08/2010 - 15:09

Maybe.


Network security is a slippery thing. Securing voice on a network just adds to the complication. No one can answer your question with a "yes" or a "no" because the answer is: "it depends". It depends on how well you have handled your layered security model. Such as physical access to the network switches, routers, servers, etc. Do you have appropriate facility restrictions in place? If not, then your security model is suspect. Have you logically separated voice and data? Sounds like you have, which is good. Have you taken measures to avoid MAC address spoofing? Have you avoided VLAN sprawl by either limiting VLANs to individual access switches/stacks/closets or, even better, running layer 3 to the access layer? Trunking VLANs and RSPAN can be an annoying fact of life.


So, you logically separated voice and data.  Have you employed network based ACLs or firewall filters to protect voice from data?  Are you running soft phones?  If so, have you looked at UC proxy and/or Trusted Relay Point?


Does your Call Manager (or CME or whatever) have one administrator password that more than one person knows? Do you have password policies on your admin IDs? Do you leverage authorization controls? Do you apply authentication/authorization policies to routers, switches, and voice gateways (using something like TACACS or RADIUS)?


Do you have accounting policies and audit policies in place so that all of the authentication, authorization, configuration best practices remain relevant?


Security needs to be done at all layers of your network. If you have control over all aspects of the network, configurations, policies, enforcement, etc. then you are probably A-OK. If not, then there could be a hole somewhere. Remember, you aren't just watching for a guy in a black overcoat.


HTH.


Regards,
Bill

Brandon Svec Tue, 06/08/2010 - 16:59

You may want to research BackTrack http://www.backtrack-linux.org/. It is designed to help test network security and includes many useful tools.


Also, do a Google search for "VLAN hopping on Cisco switches and phones". You should make sure you are not vulnerable to that common method of gaining access to the voice VLAN and therefore being able to potentially intercept and record voice streams.


Brandon
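
Added example, not part of any post in this thread: a Python audit of switch access-port configuration, tied to the VLAN hopping and MAC address spoofing checks raised above. The running-config excerpt is constructed sample input, and the three required commands are an assumed hardening baseline rather than a recommendation from the posters.

```python
import re

# Constructed IOS running-config excerpt (sample input, not from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport voice vlan 110
 switchport mode access
 switchport nonegotiate
 switchport port-security
!
interface GigabitEthernet1/0/2
 switchport voice vlan 110
 switchport mode access
!
interface GigabitEthernet1/0/3
 switchport mode dynamic desirable
 switchport voice vlan 110
!
interface GigabitEthernet1/0/48
 switchport mode trunk
"""

# Assumed hardening baseline: required command -> finding when it is absent.
CHECKS = {
    "switchport mode access": "port not forced to access mode",
    "switchport nonegotiate": "DTP negotiation not disabled",
    "switchport port-security": "port-security (MAC limiting) not enabled",
}

def parse_interfaces(config):
    """Map each interface name to the list of its sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return interfaces

def audit_phone_ports(config):
    """Return {interface: [findings]} for ports configured with a voice VLAN."""
    report = {}
    for name, cmds in parse_interfaces(config).items():
        if any(c.startswith("switchport voice vlan") for c in cmds):
            report[name] = [msg for cmd, msg in CHECKS.items() if cmd not in cmds]
    return {name: found for name, found in report.items() if found}
```

On the sample, the hardened port and the uplink trunk produce no findings, while the two phone ports left at or near defaults are reported.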
