Cisco has a very informative document on IP Telephony and security. Available at :
It even discusses the vomit application, which surprised me.
Basically, it says keep your VoIP LAN/WAN and your data LAN/WAN separated, run arpwatch to mitigate any ARP spoofing, and monitor your CallManager with an IDS (Snort, or some of their IOS intrusion detection systems).
And of course, if you are passing traffic across a bordering gateway or another service, encrypt it, and VPN it, silly.
I'm working on a Linux box that transparently modifies the layer 2 headers of an IP phone to spoof the MAC address of a Cisco IP Phone (with the SCCP images loaded on it). I will let you know the outcome of this, and how easy it is to have it register with the CallManager, and start intercepting calls.
This document is another good read ( Titled: The Trivial Cisco IP Phones Compromise.
What is your expert opinion on IP Telephony security? There are a lot of risks involved...
Brian McManus
CCNA, CCDA, CCNP, Spanlink: IPCC
tek at mynetworkplaces period com
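
The arpwatch recommendation in the post comes down to tracking IP-to-MAC bindings on the voice VLAN and alerting when one changes. As an added example (not part of the original post and not arpwatch's own code), here is a simplified Python model of that check; the observations, addresses and host roles are constructed, and the event labels are modelled on arpwatch's report names.

```python
# Simplified model of arpwatch-style monitoring of IP-to-MAC bindings.
# Constructed sample: (seconds, ip, mac) as seen in ARP replies on a
# hypothetical voice VLAN. All addresses and roles are made up.
SAMPLE_ARP = [
    (0,   "192.0.2.10", "00:11:22:AA:BB:01"),  # call server (assumed role)
    (5,   "192.0.2.21", "00:11:22:aa:bb:21"),  # IP phone (assumed role)
    (60,  "192.0.2.10", "00:11:22:aa:bb:01"),  # same binding, no event
    (120, "192.0.2.10", "02:de:ad:be:ef:99"),  # a different MAC claims the IP
    (121, "192.0.2.10", "00:11:22:aa:bb:01"),  # original owner answers again
    (122, "192.0.2.10", "02:de:ad:be:ef:99"),  # and is overridden again
    (130, "192.0.2.21", "00:11:22:aa:bb:21"),  # phone unchanged
]


def watch(observations):
    """Return (ts, event, ip, mac) for every change in an IP's MAC binding."""
    current = {}   # ip -> MAC most recently bound to it
    previous = {}  # ip -> MAC bound before the current one
    events = []
    for ts, ip, mac in observations:
        mac = mac.lower()  # normalise so case differences are not "changes"
        known = current.get(ip)
        if mac == known:
            continue  # binding unchanged
        if known is None:
            kind = "new station"
        elif mac == previous.get(ip):
            kind = "flip flop"  # IP bouncing between two MACs
        else:
            kind = "changed ethernet address"
        events.append((ts, kind, ip, mac))
        previous[ip], current[ip] = known, mac
    return events


def suspicious_ips(events):
    """IPs whose binding changed after first sight; these deserve an alert."""
    return sorted({ip for _, kind, ip, _ in events if kind != "new station"})


if __name__ == "__main__":
    for event in watch(SAMPLE_ARP):
        print(*event)
    print("alert on:", suspicious_ips(watch(SAMPLE_ARP)))
```

A binding change on a statically addressed host such as the call server is the case to page on; phones on DHCP will produce occasional legitimate changes, so those alerts need correlation with lease logs.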