Securing Cisco IP Telephony Networks

( 1 )


The real-world guide to securing Cisco-based IP telephony applications, devices, and networks

Cisco IP telephony leverages converged networks to dramatically reduce TCO and improve ROI. However, its critical importance to business communications and deep integration with enterprise IP networks make it susceptible to attacks that legacy telecom systems did not face. Now, there’s a comprehensive guide to securing the IP telephony components that ride atop data network ...

See more details below
Paperback (New Edition)
$60.08 price
(Save 14%)$69.99 List Price
Other sellers (Paperback)
  • All (10) from $32.00   
  • New (7) from $43.86   
  • Used (3) from $32.00   
Securing Cisco IP Telephony Networks

Available on NOOK devices and apps  
  • NOOK Devices
  • Samsung Galaxy Tab 4 NOOK 7.0
  • Samsung Galaxy Tab 4 NOOK 10.1
  • NOOK HD Tablet
  • NOOK HD+ Tablet
  • NOOK eReaders
  • NOOK Color
  • NOOK Tablet
  • Tablet/Phone
  • NOOK for Windows 8 Tablet
  • NOOK for iOS
  • NOOK for Android
  • NOOK Kids for iPad
  • PC/Mac
  • NOOK for Windows 8
  • NOOK for PC
  • NOOK for Mac

Want a NOOK? Explore Now

NOOK Book (eBook)
$31.99 price
(Save 42%)$55.99 List Price


The real-world guide to securing Cisco-based IP telephony applications, devices, and networks

Cisco IP telephony leverages converged networks to dramatically reduce TCO and improve ROI. However, its critical importance to business communications and deep integration with enterprise IP networks make it susceptible to attacks that legacy telecom systems did not face. Now, there’s a comprehensive guide to securing the IP telephony components that ride atop data network infrastructures–and thereby providing IP telephony services that are safer, more resilient, more stable, and more scalable.

Securing Cisco IP Telephony Networks provides comprehensive, up-to-date details for securing Cisco IP telephony equipment, underlying infrastructure, and telephony applications. Drawing on ten years of experience, senior network consultant Akhil Behl offers a complete security framework for use in any Cisco IP telephony environment. You’ll find best practices and detailed configuration examples for securing Cisco Unified Communications Manager (CUCM), Cisco Unity/Unity Connection, Cisco Unified Presence, Cisco Voice Gateways, Cisco IP Telephony Endpoints, and many other Cisco IP Telephony applications. The book showcases easy-to-follow Cisco IP Telephony applications and network security-centric examples in every chapter.

This guide is invaluable to every technical professional and IT decision-maker concerned with securing Cisco IP telephony networks, including network engineers, administrators, architects, managers, security analysts, IT directors, and consultants.

  • Recognize vulnerabilities caused by IP network integration, as well as VoIP’s unique security requirements
  • Discover how hackers target IP telephony networks and proactively protect against each facet of their attacks
  • Implement a flexible, proven methodology for end-to-end Cisco IP Telephony security
  • Use a layered (defense-in-depth) approach that builds on underlying network security design
  • Secure CUCM, Cisco Unity/Unity Connection, CUPS, CUCM Express, and Cisco Unity Express platforms against internal and external threats
  • Establish physical security, Layer 2 and Layer 3 security, and Cisco ASA-based perimeter security
  • Complete coverage of Cisco IP Telephony encryption and authentication fundamentals
  • Configure Cisco IOS Voice Gateways to help prevent toll fraud and deter attacks
  • Secure Cisco Voice Gatekeepers and Cisco Unified Border Element (CUBE) against rogue endpoints and other attack vectors
  • Secure Cisco IP telephony endpoints–Cisco Unified IP Phones (wired, wireless, and soft phone) from malicious insiders and external threats

This IP communications book is part of the Cisco Press® Networking Technology Series. IP communications titles from Cisco Press help networking professionals understand voice and IP telephony technologies, plan and design converged networks, and implement network solutions for increased productivity.

Read More Show Less

Product Details

  • ISBN-13: 9781587142956
  • Publisher: Cisco Press
  • Publication date: 9/14/2012
  • Series: Networking Technology: IP Communications Series
  • Edition description: New Edition
  • Edition number: 1
  • Pages: 696
  • Sales rank: 1,096,866
  • Product dimensions: 7.40 (w) x 8.90 (h) x 1.50 (d)

Meet the Author

Akhil Behl , CCIE No. 19564, is a Senior Network Consultant in Cisco Services, focusing

on Cisco Collaboration and Security Architectures. He leads collaboration and security

projects worldwide for Cisco Services and the Collaborative Professional Services (CPS)

portfolio for the commercial segment. Prior to his current role, he spent ten years working

in various roles at Linksys as a Technical Support Lead, as an Escalation Engineer at

Cisco Technical Assistance Center (TAC), and as a Network Consulting Engineer in Cisco

Advanced Services.

Akhil has a bachelor of technology degree in electronics and telecommunications from

IP University, India, and a master’s degree in business administration from Symbiosis

Institute, India. He is a dual Cisco Certified Internetwork Expert (CCIE) in Voice and

Security. He also holds many other industry certifications, such as Project Management

Professional (PMP), Information Technology Infrastructure Library (ITIL) professional,

VMware Certified Professional (VCP), and Microsoft Certified Professional (MCP).

Over the course of his career, he has presented and contributed in various industry

forums such as Interop, Enterprise Connect, Cloud Connect, Cloud Summit, Computer

Society of India (CSI), Cisco Networkers, and Cisco SecCon. He also has several research

papers published to his credit in various international journals.

Read More Show Less

Table of Contents

Introduction xxiii

Part I Introduction to Cisco IP Telephony Security 3

Chapter 1 What Is IP Telephony Security and Why Do You Need It? 3

Defining IP Telephony Security 4

What Is IP Telephony? 4

What Is IP Telephony Security? 4

What Is the Rationale Behind Securing an IP Telephony Network? 6

What Can You Do to Safeguard Your IP Telephony Network? 7

IP Telephony Security Threats 8

How Do Hackers Attack an IP Telephony Network? 8

Foot Printing 9

Scanning 9

Enumeration 9

Exploit 9

Covering Tracks 10

What Are IP Telephony Security Threats and Countermeasures? 10

Threats 11

Countermeasures 12

An Insight to VoIP Security Tools 12

IP Telephony Security/Penetration Tools 13

Sniffing Tools 13

Scanning and Enumeration Tools 14

Flooding/DoS Tools 14

Signaling and Media-Manipulation Tools 15

Business Challenges and Cisco IP Telephony Security Responses 15

Common Business Challenges Associated with IP Telephony Security 15

Cisco IP Telephony Security Responses 16

Summary 17

Chapter 2 Cisco IP Telephony Security Building Blocks 19

Introduction to IP Telephony Security Methodology 19

Understanding the IP Telephony Security Methodology 19

Demystifying IP Telephony Security Methodology 21

IP Telephony Security Architecture 22

Exploring IP Telephony Security Methodology and Defining Security Architecture 24

IP Telephony Security Assessment and Security Policy Development 24

IP Telephony Network Security Implementation 26

Physical Security 28

Layer 2 Security 29

Layer 3 Security 29

Perimeter Security 30

IP Telephony Application Security Implementation 31

Defining the IP Telephony Network Components That Should Be Secured 32

IP Telephony Network Elements That Should Be Secured 32

Summary 34

Chapter 3 What Can You Secure and How Can You Secure It? 35

Layered Security Approach for IP Telephony Security 35

IP Telephony Layered Security Approach 36

Case Study 36

Enabling IP Telephony Security: Layer upon Layer 37

Cisco IP Telephony Security Controls 40

Discovering IP Telephony Security Controls 40

Cisco IP Telephony Security Controls 41

Cisco IP Telephony Network Security Controls 41

Cisco IP Telephony Device Security Controls 43

Cisco IP Telephony Application Security Controls 45

Cisco IP Telephony Endpoint Security Controls 48

Cisco IP Telephony Security Overview 50

Discovering End-to-End IP Telephony Security 50

Understanding Each IP Telephony Component and its Relative Security Control 52

XYZ Headquarters (Main Data Center) 52

IP Telephony Data Center Security Insight 54

IP Telephony Remote Data Center Security Insight 54

IP Telephony Remote Site Security Insight 56

Telecommuter Solution Security Insight 56

Summary 57

Chapter 4 Cisco IP Telephony Security Framework 59

Cisco IP Telephony Security Life Cycle 60

Enabling IP Telephony Security 61

Security and Risk Assessment 61

IP Telephony Security Policy Development and Enforcement 62

Planning and Designing 63

IP Telephony Network and Application Security Deployment 63

Operate and Manage 64

Monitor 64

Developing an IP Telephony Security Policy 64

Building an IP Telephony Security Policy/Strategy In line with Your Corporate Security Policy 64

Risk Assessment 65

Components of IP Telephony Security Policy 69

IP Telephony Security Policy/Strategy 70

Core IP Telephony Security Policies 72

Physical Security of IP Telephony Equipment 74

Physical Security Policy 75

Local-Area Network Security Policy 76

Wide-Area Network and Perimeter Security Policy 77

IP Telephony Server Security Policy 78

Voice Application Security Policy 79

Endpoint Security Policy 79

Conclusion 80

Evaluating Cost of Security–Cost Versus Risk 80

Cost of Implementing IP Telephony Security 81

Cost of a Security Breach 81

How to Balance Between Cost and Risk 82

Determining the Level of Security for Your IP Telephony Network 84

Case Study 84

The Riddles Are Over 86

Putting Together All the Pieces 87

IP Telephony Security Framework 87

Summary 92

Part II Cisco IP Telephony Network Security 93

Chapter 5 Cisco IP Telephony Physical Security 95

IP Telephony Physical Security 95

What Is IP Telephony Physical Security All About? 96

Physical Security Issues 97

Restricting Access to IP Telephony Facility 97

Securing the IP Telephony Data Center Perimeter 98

IP Telephony Data Center Internal Security 99

Personnel Training 100

Disaster Recovery and Survivability 100

Locking Down IP Telephony Equipment 101

Environmental Factors 102

Summary 103

Chapter 6 Cisco IP Telephony Layer 2 Security 105

Layer 2 Security Overview 105

Cisco IP Telephony Layer 2 Topology Overview 106

Why Bother with Layer 2 Security? 107

IP Telephony Layer 2 Security Issues and Mitigation 108

VLAN Hopping Attack and Mitigation 109

Attack Details 109

Mitigation 111

Spanning Tree Protocol (STP) Manipulation 112

Attack Details 112

Mitigation 112

DHCP Spoofing 113

Attack Details 113

Mitigation 114

ARP Spoofing 114

Attack Details 115

Mitigation 116

MAC Address Spoofing Attack 116

Attack Details 116

Mitigation 117

IP Spoofing Attack 119

Attack Details 119

Mitigation 120

CAM Table Overflow and DHCP Starvation Attack 120

Attack Details 121

Mitigation 122

Dealing with Rogue Endpoints: 802.1x 123

What Is 802.1x and How Does it Work? 123

EAP Authentication Methods 125

802.1x for IP Telephony 126

Layer 2 Security: Best Practices 131

Summary 133

Chapter 7 Cisco IP Telephony Layer 3 Security 135

Layer 3 Security Fundamentals: Securing Cisco IOS Routers 136

Cisco IOS Platform Security 136

Restricting Management Access 137

Securing the Console Port 138

Securing the Auxiliary Port 139

Securing the VTY Ports 139

Securing the HTTP Interface 140

Disabling Unnecessary IOS Services 142

Small Services 142

Finger Service 143

BootP 143

Cisco Discovery Protocol (CDP) 143

Proxy ARP 145

Directed Broadcast 146

Source Routing 147

Classless Routing 148

Configuration Autoloading 148

Securing TFTP 149

Securing Routing Protocols 150

Routing Information Protocol v2 (RIPv2) 151

Enhanced Interior Gateway Routing Protocol (EIGRP) 152

Open Shortest Path First (OSPF) 152

Border Gateway Protocol (BGP) 153

Securing Hot Standby Routing Protocol (HSRP) 153

Safeguarding Against ICMP Attacks 154

ICMP Unreachables 154

ICMP Mask Reply 154

ICMP Redirects 154

Constraining ICMP 155

Securing User Passwords 156

Controlling User Access and Privilege Levels 157

Enabling Local Authentication and Authorization 157

Enabling External Server-based Authentication, Authorization, and Accounting (AAA) 158

Configuring Cisco TACACS+ Based Authentication 158

Configuring Cisco TACACS+ Based Authorization 159

Configuring Cisco TACACS+ Based Accounting 159

Antispoofing Measures 160

RFC 2827 Filtering 161

Unicast Reverse Packet Forwarding (uRPF) 162

Router Banner Messages 163

Securing Network Time Protocol (NTP) 164

Blocking Commonly Exploited Ports 165

Extending Enterprise Security Policy to Your Cisco Router 165

Password Minimum Length 165

Authentication Failure Rate 166

Block Logins 166

Disable Password Recovery 166

Layer 3 Traffic Protection–Encryption 168

Layer 3 Security–Best Practices 168

Summary 169

Chapter 8 Perimeter Security with Cisco Adaptive Security Appliance 171

IP Telephony Data Center’s Integral Element: Cisco Adaptive Security Appliance 172

An Introduction to Cisco ASA Firewall 172

Cisco ASA Firewall and OSI layers 174

Cisco ASA Basics 175

Cisco ASA: Stateful Firewall 175

Cisco ASA Firewall: Interfaces 175

Cisco ASA Firewall: Security Levels 177

Cisco ASA: Firewall Modes 179

Cisco ASA: Network Address Translation 180

Cisco ASA: UTM Appliance 180

Cisco ASA: IP Telephony Firewall 181

Securing IP Telephony Data Center with Cisco ASA 182

Case Study: Perimeter Security with Cisco ASA 184

Cisco ASA QoS Support 186

Firewall Transiting for Endpoints 186

Cisco ASA Firewall (ACL Port Usage) 188

Introduction to Cisco ASA Proxy Features 201

Cisco ASA TLS Proxy 203

Cisco ASA Phone Proxy 212

Cisco VPN Phone 222

Cisco VPN Phone Prerequisites 223

Implementing VPN Phone 224

Remote Worker and Telecommuter Voice Security 227

Summary 231

Part III Cisco IP Telephony Application and Device Security 233

Chapter 9 Cisco Unified Communications Manager Security 235

Cisco Unified Communications Manager (CUCM) Platform Security 236

CUCM Linux Platform Security 237

Certificate-Based Secure Signaling and Media: Certificate Authority Proxy Function 238

Enabling CUCM Cluster Security: Mixed-Mode 240

Security by Default (SBD) 249

TFTP Download Authentication 249

TFTP Configuration File Encryption 250

Trust Verification Service (Remote Certificate and Signature Verification) 251

Using External Certificate Authority (CA) with CAPF 253

Using External Certificate Authority (CA) with Cisco Tomcat 256

Enabling Secure LDAP (LDAPS) 258

Enabling Secure LDAP Connection Between CUCM and Microsoft Active Directory 259

Securing IP Phone Conversation 261

Securing Cisco IP Phones 262

Identifying Encrypted and Authenticated Phone Calls 264

Securing Third-Party SIP Phones 264

Configuring Third-Party SIP Phone 267

Secure Tone 267

CUCM Trunk Security 271

ICT and H.225 (Gatekeeper Controlled) Secure Trunks 271

SIP Trunk Security 273

Inter Cluster Trunk Security 275

SME Trunk Security 275

Trusted Relay Point (TRP) 277

Preventing Toll Fraud 279

Partitions and Calling Search Spaces 280

Time of Day Routing 280

Block Off-Net to Off-Net Transfers 281

Conference Restrictions 281

Calling Rights for Billing and Tracking 281

Route Filters for Controlled Access 282

Access Restriction for Protocols from User VRF 282

Social Engineering 282

Securing CTI/JTAPI Connections 283

JTAPI Client Config 285

Restricting Administrative Access (User Roles and Groups) 286

Fighting Spam Over Internet Telephony (SPIT) 288

CUCM Security Audit (Logs) 290

Application Log 291

Database Log 291

Operating System Log 291

Remote Support Accounting Log 292

Enabling Audit Logs 292

Collecting and Analyzing CUCM Audit Logs 294

Analyzing Application Audit Logs 294

Single Sign-On (SSO) 295

SSO Overview 296

System Requirements for SSO 296

Configuring OpenAM SSO Server 297

Configuring Windows Desktop SSO Authentication Module Instance 300

Configure J2EE Agent Profile on OpenSSO Server 301

Configuring SSO on CUCM 303

Configuring Client Machine Browsers for SSO 306

Internet Explorer 306

Mozilla Firefox 306

Summary 307

Chapter 10 Cisco Unity and Cisco Unity Connection Security 309

Cisco Unity/Unity Connection Platform Security 310

Cisco Unity Windows Platform Security 311

OS Upgrade and Patches 311

Cisco Security Agent (CSA) 311

Antivirus 312

Server Hardening 312

Cisco Unity Connection Linux Platform Security 313

Securing Cisco Unity/Unity Connection Web Services 313

Securing Cisco Unity Web Services (SA, PCA, and Status Monitor) 313

Securing Cisco Unity Connection Web Services (Web Administration, PCA, and IMAP) 317

Preventing Toll Fraud 317

Secure Voicemail Ports 318

Cisco Unity: Secure Voicemail Ports with CUCM (SCCP) 319

Cisco Unity: Authenticated Voicemail Ports with CUCM (SIP) 321

Cisco Unity Connection: Secure Voicemail Ports with CUCM (SCCP) 323

Cisco Unity Connection: Secure Voicemail Ports with CUCM (SIP) 324

Secure LDAP (LDAPS) for Cisco Unity Connection 327

Securing Cisco Unity/Unity Connection Accounts and Passwords 327

Cisco Unity Account Policies 327

Cisco Unity Authentication 329

Cisco Unity Connection Account Polices 330

Cisco Unity/Unity Connection Class of Service 331

Cisco Unity Class of Service (and Roles) 331

Cisco Unity Connection Class of Service (and Roles) 331

Cisco Unity/Unity Connection Secure Messaging 332

Cisco Unity Secure Messaging 332

Cisco Unity Connection Secure Messaging 334

Cisco Unity/Unity Connection Security Audit (Logs) 335

Cisco Unity Security Audit 335

Cisco Unity Connection Security Audit 337

Cisco Unity Connection Single Sign-On (SSO) 338

Summary 338

Chapter 11 Cisco Unified Presence Security 339

Securing Cisco Unified Presence Server Platform 339

Application and OS Upgrades 340

Cisco Security Agent (CSA) 340

Server Hardening 340

Securing CUPS Integration with CUCM 341

Securing CUPS Integration with LDAP (LDAPS) 345

Securing Presence Federation (SIP and XMPP) 345

CUPS SIP Federation Security 347

Intra-Enterprise/Organization Presence SIP Federation 347

Inter-Enterprise/Organization Presence SIP Federation 354

CUPS XMPP Federation Security 364

Cisco Unified Personal Communicator Security 368

Securing CUPC LDAP Connectivity 368

Securing CUPC Connectivity with Cisco Unified Presence 370

Securing CUPC Connectivity with CUCM 371

Securing CUPC Connectivity with Voicemail (Cisco Unity/Unity Connection) 372

Summary 375

Chapter 12 Cisco Voice Gateway Security 377

Cisco Voice Gateway Platform Security 377

Preventing Toll Fraud on Cisco Voice Gateways 378

Call Source Authentication 378

Voice Gateway Toll Fraud Prevention by Default 379

Class of Restriction (COR) 380

Call Transfer and Forwarding 383

Securing Conference Resources 384

Securing Voice Conversations on Cisco Voice Gateways 390

Configuring MGCP Support for SRTP 391

Configuring H.323 Gateway to Support SRTP 394

Configuring SIP Gateway to Support SRTP 396

Securing Survivable Remote Site Telephony (SRST) 399

Monitoring Cisco Voice Gateways 402

Summary 403

Chapter 13 Cisco Voice Gatekeeper and Cisco Unified Border Element Security 405

Physical and Logical Security of Cisco Gatekeeper and Cisco Unified Border Element 405

Gatekeeper Security–What Is It All About? 406

Securing Cisco Gatekeeper 406

Restricted Subnet Registration 407

Gatekeeper Accounting 407

Gatekeeper Security Option 410

Gatekeeper Intra-Domain Security 410

Gatekeeper Inter-Domain Security 411

Gatekeeper HSRP Security 413

Cisco Unified Border Element Security 414

Filtering Traffic with Access Control List 416

Signaling and Media Encryption 416

Hostname Validation 417

Firewalling CUBE 417

CUBE Inherited SIP Security Features 418

Summary 420

Chapter 14 Cisco Unified Communications Manager Express and Cisco Unity

Express Security 421

Cisco Unified Communications Manager Express Platform Security 422

Preventing Toll Fraud on Cisco Unified Communications Manager Express 422

After-Hours Calling Restrictions 422

Call Transfer Restriction 423

Call Forward Restriction 424

Class of Restriction 425

Cisco Unified CME: AAA Command Accounting and Auditing 425

Cisco IOS Firewall for Cisco Unified CME 426

Cisco Unified CME: Securing GUI Access 426

Cisco Unified CME: Strict ephone Registration 427

Cisco Unified CME: Disable ephone Auto-Registration 428

Cisco Unified CME: Call Logging (CDR) 428

Cisco Unified CME: Securing Voice Traffic (TLS and SRTP) 429

Securing Cisco Unity Express Platform 435

Enabling AAA for Cisco Unity Express 437

Preventing Toll Fraud on Cisco Unity Express 438

Cisco Unity Express: Secure GUI Access 440

Summary 440

Chapter 15 Cisco IP Telephony Endpoint Security 441

Why Is Endpoint Security Important? 442

Cisco Unified IP Phone Security 443

Wired IP Phone: Hardening 443

Speakerphone 444

PC Port 445

Settings Access 445

Gratuitous Address Resolution Protocol ARP (GARP) 445

PC Voice VLAN Access 445

Video Capabilities 446

Web Access 446

Span to PC Port 446

Logging Display 447

Peer Firmware Sharing 447

Link Layer Discovery Protocol: Media Endpoint Discover (LLDP-MED) Switch Port 447

Link Layer Discovery Protocol (LLDP) PC Port 447

Configuring Unified IP Phone Hardening 447

Wired IP Phone: Secure Network Admission 448

Wired IP Phone: Voice Conversation Security 448

Wired IP Phone: Secure TFTP Communication 449

Cisco Unified Wireless IP Phone Security 449

Cisco Wireless LAN Controller (WLC) Security 450

Cisco Wireless Unified IP Phone Security 454

Hardening Cisco Wireless IP Phones 454

Profile 455

Admin Password 455

FIPS Mode 456

Securing a Cisco Wireless IP Phone 456

Securing Cisco Wireless Endpoint Conversation 456

Securing Cisco Wireless Endpoint Network Admission 457

Using Third-Party Certificates for EAP-TLS 457

Wireless IP Phone: Secure TFTP Communication 463

Securing Cisco IP Communicator 463

Hardening the Cisco IP Communicator 464

Encryption (Media and Signaling) 465

Enable Extension Mobility for CIPC 466

Lock Down MAC Address and Device Name Settings 467

Network Access Control (NAC)-Based Secured Network Access 469

VLAN Traversal for CIPC Voice Streams 469

Summary 470

Part IV Cisco IP Telephony Network Management Security 471

Chapter 16 Cisco IP Telephony: Network Management Security 473

Secure IP Telephony Network Management Design 473

In-Band Network Management 474

Securing In-Band Management Deployment 475

Out-of-Band (OOB) Network Management 475

Securing OOB Management Deployment 476

Hybrid Network Management Design 477

Securing a Hybrid Network Management Deployment 477

Securing Network Management Protocols 478

Secure Network Monitoring with SNMPv3 479

Cisco IP Telephony Applications with SNMPv3 Support 480

SNMP for Cisco IOS Routers and Switches 483

SNMP Deployment Best Practices 485

Syslog 485

Secure Syslog for IP Telephony Applications 486

Configuring Syslog in Cisco Network Devices (Cisco IOS Devices and Cisco ASA) 488

Cisco IOS Devices Syslog 488

Cisco ASA Firewall Syslog 489

Syslog Deployment Best Practices 490

Secure Shell (SSH) 491

Configuring SSH on IOS Devices 492

Enabling SSH Access on Cisco ASA 494

SSH Deployment Best Practices 495


Enabling Cisco CP for Cisco IOS Routers 496

Enabling Cisco ASA ASDM 498

HTTPS Deployment Best Practices 500

Securing VNC Management Access 500

VNC Deployment Best Practices 501

Securing Microsoft Remote Desktop Protocol 501

Configuring IP Telephony Server for Accepting Secure RDP Connections 502

Configuring RDP Client for Initiating Secure RDP Session 504

RDP Deployment Best Practices 506


TFTP/SFTP/SCP Deployment Best Practices 508

Managing Security Events 508

The Problem 508

The Solution 509

Cisco Prime Unified Operations Manager (CUOM) 512

Cisco Prime Unified Service Monitor (CUSM) 513

Cisco Unified Service Statistics Manager (CUSSM) 514

Cisco Prime Unified Provisioning Manager (CUPM) 515

Summary 515

Part V Cisco IP Telephony Security Essentials 517

Appendix A Cisco IP Telephony: Authentication and Encryption Essentials 519

Appendix B Cisco IP Telephony: Firewalling and Intrusion Prevention 551

Glossary 585

Read More Show Less

Customer Reviews

Average Rating 5
( 1 )
Rating Distribution

5 Star


4 Star


3 Star


2 Star


1 Star


Your Rating:

Your Name: Create a Pen Name or

Barnes & Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation


  • - By submitting a review, you grant to Barnes & and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Terms of Use.
  • - Barnes & reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously
Sort by: Showing 1 Customer Reviews
  • Posted December 13, 2012


    Are you interested in Cisco IP Telephony and network security? If you are, then this book is for you! Author Akhil Behl, has done an outstanding job of writing a book that explains an End-to-End IP Telephony Security approach and architecture, and shows you how each piece of the puzzle fits together. Author Behl, begins by covering IP Telephony as a technology and provides an insight to rationale as to why you should be concerned about the security of your IP-based communications. Then, the author introduces you to the Cisco IP Telephony Security methodology and delves into demystifying the otherwise perceived complex IP Telephony Security methodology. He also shows you the layered security approach, which is instrumental to secure your Cisco IP Telephony network. He continues by covering many important topics such as Cisco IP Telephony Security life cycle, risk assessment, IP Telephony Security strategy, cost of security, and so on. Then, the author covers the topic of physical security as it pertains to Cisco IP Telephony to help you better prepare your network infrastructure, security policies, procedures, and organization as a whole against physical security threats from within and outside of your organization. He then introduces you to the OSI Layer 2 security issues as they pertain to Cisco IP Telephony. Next, the author presents an overview of the OSI Layer 3 security fundamentals. He also introduces you to the Cisco Adaptive Security Appliance, as an IP Telephony Firewall and shows you how to implement your organization’s security policy; thus, leveraging the features that the Cisco ASA offers. The author continues by covering the detailed steps to secure a multitude of technologies pertaining to the Cisco UCM and its integration with applications and endpoints; for example: secure phone conversations, secure trunks to ITSP and gateways, thwart toll fraud, secure CTI/JTAPI connections, and fighting SPIT. Then, he covers both Cisco Unity and Cisco Unity Connections voice messaging solution security, from an application and from a platform perspective. Next, the author discusses the security of the Cisco Unified Presence solution. He also introduces you to the Cisco IOS Voice Gateway platform security. The author continues by covering the Cisco Voice Gatekeeper and the Cisco Unified Border Element security. Then, he provides a comprehensive coverage of the security of the Cisco Unified Communications Manager Express call-control solution and the Cisco Unity Express voice-messaging solution. Next, the author covers the security of the Cisco Unified IP Phones, Cisco Wireless IP Phones, and the Cisco Unified IP communicator. Finally, he focuses on securing the IP Telephony network and application management aspect. This most excellent book focuses on providing you with an in-depth understanding of the Cisco Unified IP Telephony Security principles, features, protocols, and implementation best practices. More importantly, this great book provides an introduction to the key tools and techniques essential for securing a Cisco IP Telephony network of any sze.

    1 out of 1 people found this review helpful.

    Was this review helpful? Yes  No   Report this review
Sort by: Showing 1 Customer Reviews

If you find inappropriate content, please report it to Barnes & Noble
Why is this product inappropriate?
Comments (optional)