We recently had an audit of our VoIP system. The auditors captured voice traffic with an H.323 sniffer. Their suggestion was to move from broadcast traffic to unicast. Does this sound correct? If so, how best to proceed? Or any other suggestions to secure local segment voice traffic?
Voice security is mainly based on your equipment and the topology,
but in general,
the idea is that you can make the communication between voice devices (IP phones, CallManager and the H.323 gateway) go through a firewall like an ASA or IOS firewall, so that you allow communication between these devices based on source and destination and only allow specific protocols to be passed, like SCCP, TFTP, HTTP and H.323 call signaling (no broadcast). If you look here, there is no UDP allowed, so if you wonder how phones can make calls if there is no UDP allowed, the answer is because we use a firewall, and a firewall is an SPF-capable device (SPF means stateful packet filtering). So, for example, the phone will communicate with CallManager using SCCP and TFTP, then CCM and the IP phone will negotiate the UDP used for a call between two phones. Then, based on the SPF, all the subsequent traffic from the calling phone with the called phone will be permitted automatically. Once the call has ended, all the automatically permitted traffic will be removed.
So it is very helpful and secure.
If you are looking for extra IP telephony security, you could use VLAN ACLs to filter traffic between IP phones to limit any attack from phone to phone, for example allowing only UDP between phones.
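
The pinhole behaviour described in the answer above, as an added example that is not part of the original post: a toy Python model, not real ASA or IOS configuration. The addresses, ports and signaling events are constructed, and a real firewall learns the media ports by inspecting the SCCP or H.323 messages themselves.

```python
# Added example: toy model of stateful filtering for voice traffic.
# All addresses, ports and event fields are constructed sample values.
CALL_MANAGER = "10.1.20.10"
PHONES = {"10.1.10.11", "10.1.10.12"}
# Static rules, phone -> call manager only: SCCP, TFTP, HTTP.
STATIC_ALLOW = {("tcp", 2000), ("udp", 69), ("tcp", 80)}


class VoiceFirewall:
    def __init__(self):
        self.pinholes = {}  # call_id -> set of permitted (src, dst, dst_port) UDP flows

    def inspect(self, event):
        """Update dynamic state from a (simplified) signaling event."""
        if event["type"] == "media_open":
            a, b = event["caller"], event["callee"]
            self.pinholes[event["call_id"]] = {
                (a, b, event["callee_port"]),
                (b, a, event["caller_port"]),
            }
        elif event["type"] == "call_end":
            self.pinholes.pop(event["call_id"], None)

    def permit(self, proto, src, dst, dport):
        """Return True if the packet matches a static rule or an open pinhole."""
        if src in PHONES and dst == CALL_MANAGER and (proto, dport) in STATIC_ALLOW:
            return True
        if proto == "udp":
            return any((src, dst, dport) in flows for flows in self.pinholes.values())
        return False


def demo():
    fw = VoiceFirewall()
    a, b = "10.1.10.11", "10.1.10.12"
    results = [fw.permit("tcp", a, CALL_MANAGER, 2000)]   # signaling: allowed
    results.append(fw.permit("udp", a, b, 24680))          # media before call: dropped
    fw.inspect({"type": "media_open", "call_id": 1, "caller": a, "callee": b,
                "caller_port": 24578, "callee_port": 24680})
    results.append(fw.permit("udp", a, b, 24680))          # negotiated flow: allowed
    results.append(fw.permit("udp", a, b, 24682))          # other port: dropped
    fw.inspect({"type": "call_end", "call_id": 1})
    results.append(fw.permit("udp", a, b, 24680))          # after hangup: dropped
    return results


if __name__ == "__main__":
    print(demo())
```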