Whereas Cisco firewall solutions provide access control for external users, port security provides access control for internal users. A built-in feature on Cisco routers and switches, port security limits the services that network users can access based on the physical port to which they connect, and helps protect the voice system in the following ways:
• Preventing toll fraud - The most basic step in preventing toll fraud is denying network access to unauthorized users. Port security enables organizations to restrict access to the voice network to particular ports. For example, a company might disallow access to the voice system from ports in locations where employees ordinarily do not use phones, such as custodial areas or the manufacturing floor. Another way that port security controls access is by directing a user into the appropriate VLAN based on the user's voice privileges. An unknown user, for example, might be directed to a guest VLAN with no or limited voice privileges, and also be subject to ACLs that prevent access to the voice system. A known user, in contrast, would be directed to the voice VLAN for that user's department.
• Preventing DoS attacks - The port does not turn on until it receives confirmation that both the user and device are trusted. This helps prevent an untrusted user from connecting to the network from a private location in the company, such as a basement or custodial closet, and launching a DoS attack. To protect against DoS attacks launched by employees' computers and laptops without their knowledge, companies can combine port security with Network Admission Control (NAC) to verify that the PC or laptop is protected with the latest versions of antivirus software and Cisco Security Agent.
• Preventing impersonation, spoofing, or eavesdropping - Port security can be used to limit the number of MAC addresses authorized to access the network through a given port. This eliminates the potential for someone to, for example, disconnect a legitimate IP phone, connect in its place a hub with two or more ports, and then connect an unauthorized IP phone or PC softphone to one of the hub ports to impersonate another user. The port rejects all MAC addresses other than the single known MAC address.
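The per-port MAC limit from the last bullet and the no-voice ports from the first, as an added Cisco IOS configuration sketch that is not part of the original page. Interface names, VLAN IDs and the MAC address are constructed placeholders; it assumes a phone-only port, and exact syntax can vary by platform and software release.

```cisco
! Constructed example: interface names, VLAN IDs and the MAC address are
! placeholders, not values from the original page.
!
! Before: no port security. A hub plugged into this jack can present any
! number of source MAC addresses and all of them are forwarded.
interface GigabitEthernet1/0/10
 description Desk phone jack (hypothetical)
 switchport mode access
 switchport voice vlan 110
!
! After: only the one known phone MAC is accepted on the port.
! Assumes no PC is daisy-chained behind the phone; a PC would need its
! own allowance in the maximum.
interface GigabitEthernet1/0/10
 description Desk phone jack (hypothetical)
 switchport mode access
 switchport voice vlan 110
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address 0000.5e00.5301
 ! restrict = drop frames from other MACs, count and log the violation.
 ! The default mode, shutdown, err-disables the port instead.
 switchport port-security violation restrict
!
! Jack in an area where phones are not normally used: no voice VLAN is
! assigned and the port stays administratively down until it is needed.
interface GigabitEthernet1/0/24
 description Custodial closet jack (hypothetical)
 switchport mode access
 switchport access vlan 999
 shutdown
!
! Check the result from privileged EXEC mode:
!   show port-security interface GigabitEthernet1/0/10
!   show port-security address
```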