
Eavesdropping Cisco IP phone Calls

We have a network of Cisco LAN switches and a Unified Communication solution

Configuration of voice & Data VLANs on all switches

Is there any possibility for anyone connected to the network to use hacking tools to eavesdrop on calls between the Cisco IP phones?

Do I need to implement any security features that prevent eavesdropping on the Cisco IP phones?

Regards

Mohamed


paolo bevilacqua
Hall of Fame

Yes, it is possible.

However, fully securing a VoIP network takes a lot of effort and money in terms of configuration, testing and maintenance. Consequently, you have to evaluate the pros and cons before deciding.

A notebook with a tool connected to the data VLANs can eavesdrop on calls between Cisco IP phones in the voice VLANs!!!

What tools can do this eavesdropping?

Leo Laohoo
Hall of Fame

Lawful Intercept.

William Bell
VIP Alumni

Maybe.

Network security is a slippery thing. Securing voice on a network just adds to the complication. No one can answer your question with a "yes" or a "no" because the answer is: "it depends". It depends on how well you have handled your layered security model, such as physical access to the network switches, routers, servers, etc. Do you have appropriate facility restrictions in place? If not, then your security model is suspect. Have you logically separated voice and data? Sounds like you have, which is good. Have you taken measures to avoid MAC address spoofing? Have you avoided VLAN sprawl by either limiting VLANs to individual access switches/stacks/closets or, even better, running layer 3 to the access layer? Trunking VLANs and RSPAN can be an annoying fact of life.

So, you logically separated voice and data.  Have you employed network based ACLs or firewall filters to protect voice from data?  Are you running soft phones?  If so, have you looked at UC proxy and/or Trusted Relay Point?

Does your Call Manager (or CME or whatever) have one administrator password that more than one person knows? Do you have password policies on your admin IDs? Do you leverage authorization controls? Do you apply authentication/authorization policies to routers, switches, and voice gateways (using something like TACACS or RADIUS)?

Do you have accounting policies and audit policies in place so that all of the authentication, authorization, configuration best practices remain relevant?

Security needs to be done at all layers of your network. If you have control over all aspects of the network, configurations, policies, enforcement, etc. then you are probably A-OK. If not, then there could be a hole somewhere. Remember, you aren't just watching for a guy in a black overcoat.

HTH.


Regards,
Bill

HTH -Bill (b) http://ucguerrilla.com (t) @ucguerrilla


Brandon Svec
Level 7

You may want to research BackTrack: http://www.backtrack-linux.org/. It is designed to help test network security and includes many useful tools.

Also, do a Google search for "VLAN hopping on Cisco switches and phones". You should make sure you are not vulnerable to that common method of gaining access to the voice VLAN and therefore being able to potentially intercept and record voice streams.

Brandon

-- please remember to rate and mark answered helpful posts --

A good place to start understanding voice security is the relevant chapter of the CUCM SRND below:

http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/srnd/7x/security.html

It provides (amongst other things) coverage of features available on Cisco switches to help prevent eavesdropping attacks.
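As an added example that is not part of any reply in this thread, the following script audits a switch running-config for two of the concerns raised above (VLAN hopping and MAC address spoofing) on ports that carry a voice VLAN. The sample config is constructed, and the mapping from each concern to an IOS interface command is an assumption of this example, not a statement from the SRND.

```python
import re

# Constructed sample, not taken from the thread: one weak and one hardened port.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 description weak: DTP left at default, no MAC limit
 switchport access vlan 10
 switchport voice vlan 110
!
interface GigabitEthernet1/0/2
 description hardened phone+PC port
 switchport mode access
 switchport nonegotiate
 switchport access vlan 10
 switchport voice vlan 110
 switchport port-security
!
"""

# Assumed mapping from concerns named in the thread to per-port IOS commands.
REQUIRED = {
    "switchport mode access": "port can negotiate a trunk (VLAN hopping)",
    "switchport port-security": "no MAC address limit (MAC spoofing)",
}

def parse_interfaces(config):
    """Return {interface name: [stripped sub-commands]} from a running-config."""
    ports, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface (\S+)", line)
        if m:
            current = ports.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the interface block
    return ports

def audit_voice_ports(config):
    """Return {interface: [findings]} for ports that carry a voice VLAN."""
    report = {}
    for name, cmds in parse_interfaces(config).items():
        if not any(c.startswith("switchport voice vlan") for c in cmds):
            continue  # not a phone port, out of scope for this check
        report[name] = [why for cmd, why in REQUIRED.items() if cmd not in cmds]
    return report

if __name__ == "__main__":
    print(audit_voice_ports(SAMPLE_CONFIG))
```

An empty findings list means the port has both commands present; it does not cover the ACL, AAA or physical-access questions asked earlier in the thread.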
