- Cisco Unified CallManager 5.x runs on an MCS.
False. Cisco Unified CallManager 5.x is a major departure from 3.x and 4.x in that it runs on a Linux appliance instead of an MCS.
- Skinny Client Control Protocol (SCCP) or "Skinny" is the name of Cisco's proprietary signaling protocol.
True. Skinny is a lightweight H.323-like signaling protocol used by Cisco Unified CallManager and Cisco Unified Phones.
- By itself and disconnected from the CallManager, a Cisco IP phone cannot play a dial tone.
True. Cisco IP phones are dependent on the CallManager to perform most functions. A phone lifted off its cradle needs to communicate with the CallManager before it plays a tone.
- There is no easy way to disable the Web management interface from Cisco's CallManager interface.
False. You can restrict access from specific IP addresses through the CallManager interface by accessing the phone configuration window and changing Web access parameters.
- In a VoIP environment, you should always turn off Cisco Discovery Protocol (CDP) to prevent inside sniffing.
False. Though CDP can provide an attacker with a wealth of data about your network, it also offers a great deal of management capability, and enabling it may be an acceptable trade-off in some cases.
- When Dynamic Host Configuration Protocol (DHCP) snooping is enabled, the Cisco switch can prevent a spoofed DHCP server from assigning IP addresses.
True. Enabling DHCP snooping blocks all replies to a DHCP request unless the specific port has been previously configured to accept replies.
- Configuring your switches and routers with the proper ingress and egress filtering rules must be done manually.
False. Cisco IOS networking devices have an "autosecure" feature to help automate this task.
- The Virtual Network Computing (VNC) program should remain enabled after use with CallManager because it contains a built-in control that limits access from within the network.
False. You should always disable VNC after use because leaving it enabled leaves the service open to brute force.
- A Cisco-specific countermeasure for mitigating flooding attacks is to ensure that quality of service (QoS) settings are properly configured, and Cisco provides this in a step-by-step guide.
True. Cisco's IOS Quality of Service Solutions Guide provides a list for fine-tuning parameters.
- Services enabled by default on the IP phone should always remain enabled for the highest level of security.
False. PC port, settings access, gratuitous ARP (GARP) and PC Voice VLAN access should generally be disabled to harden the phone.
This was first published in April 2007