Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Security in IP Telephony


We have customers deployed with Cisco IP Telephony solutions. We need to address the security issues in CIPT environments. Went through the SAFE whitepapers on IPT Security. But I have the following to know:

1) Can we upgrade the OS of Call Manager with the latest MS security patches and hot fixes, as and when released from MS? Will there be any application problems? Should we wait for any Cisco notifications (if there are any) on such upgrades?

2) SAFE whitepaper suggests host IDS and host antivirus programs on the Call Manager? Any issues to be taken care of, before such implementations?

Any advise on the above is warmly appreciated, since it will help me win more IPT business in my accounts.

Sekhar J S

Cisco Employee

Re: Security in IP Telephony

To address your questions:

You should wait until the updates are tested and approved for use with with call manager. Here is the install guide for the IDS on CCM:

New Member

Re: Security in IP Telephony

Are Host IDS and Anti-Virus software on Call Manager approved by TAC? My understanding is that they are not approved, is this accurate?



Re: Security in IP Telephony

I believe the CIsco Host IDS is approved and the only approved/supported anti-virus that I am aware of is Mcafee NetShield.

New Member

Re: Security in IP Telephony

Too address both of your questions

1.) You should only upgrade the call managers OS with the Cisco patches and hot fixes. The reason is that the Spirian install doesn't install the complete MS OS. Also many services that are not neccessary for CM are not installed or are disabled.

2.) IDS is a very very good idea. The HIDS product woks very well if configured correctly, McAffee and Symantec are both approved by Cisco as antivirus currently if I am not mistaken.

I recommend HIDS with all IPTelephony sales. You should work with the HIDS products and CM for a while to get familair with configurations that will maximize performance and security. If HISD is configured incorrectly you will potentialy create a DOS situation for your end users when you lock the server down.

CreatePlease login to create content