Cisco E-Mail Manager Unity Integration Option Design Guide
Cisco Unified Contact Center Enterprise 7.0, 7.1, and 7.2 SRND
OL-8669-16
Chapter 8 Securing Unified CCE
Endpoint Security
IP Phone Hardening
The IP phone device configuration in Unified CM provides the ability to disable a number of phone
features to harden the phones, such as disabling the phone's PC port or restricting access of a PC to the
voice VLAN. Changing some of these settings can disable the monitoring/recording feature of the
Unified CCE solution. The settings are defined as follows:
• PC Voice VLAN Access
  – Indicates whether the phone will allow a device attached to the PC port to access the Voice
    VLAN. Disabling Voice VLAN Access will prevent the attached PC from sending and receiving
    data on the Voice VLAN. It will also prevent the PC from receiving data sent and received by
    the phone. Disabling this feature will disable desktop-based monitoring and recording.
  – Recommended setting: Enabled (default)
• Span to PC Port
  – Indicates whether the phone will forward packets transmitted and received on the Phone Port to
    the PC Port. To use this feature, PC Voice VLAN access must be enabled. Disabling this feature
    will disable desktop-based monitoring and recording.
  – Recommended setting: Enabled
The following setting should be disabled to prevent man-in-the-middle (MITM) attacks unless the
third-party monitoring and/or recording application deployed uses this mechanism to capture voice
streams. The CTI OS silent monitoring feature and CAD silent monitoring and recording do not depend
on Gratuitous ARP.
• Gratuitous ARP
  – Indicates whether the phone will learn MAC addresses from Gratuitous ARP responses.
  – Recommended setting: Disabled
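
The three settings above interact, so checking each against a fixed value is not enough. The following audit is an added example, not part of the Cisco guide; the dictionary keys, function names and sample phone records are constructed for illustration and are not Unified CM field names.

```python
# Added example: audit phone hardening settings against the guidance above.
# Keys and sample records are hypothetical, not Unified CM field names.

def audit_phone(settings, desktop_monitoring=True, recorder_uses_garp=False):
    """Return a list of findings for one phone.

    settings: dict of booleans keyed by 'pc_voice_vlan_access',
              'span_to_pc_port' and 'gratuitous_arp'.
    desktop_monitoring: the site relies on desktop-based monitoring/recording.
    recorder_uses_garp: a third-party recorder captures voice via Gratuitous ARP.
    """
    vlan = settings["pc_voice_vlan_access"]
    span = settings["span_to_pc_port"]
    garp = settings["gratuitous_arp"]
    findings = []

    # Span to PC Port only works when PC Voice VLAN Access is enabled.
    if span and not vlan:
        findings.append("Span to PC Port requires PC Voice VLAN Access, which is disabled")
    # Either setting being off disables desktop-based monitoring and recording.
    if desktop_monitoring and not (vlan and span):
        findings.append("desktop-based monitoring and recording is disabled")
    # Gratuitous ARP should be off unless a third-party recorder depends on it.
    if garp and not recorder_uses_garp:
        findings.append("Gratuitous ARP enabled with no dependent recorder (MITM exposure)")
    if recorder_uses_garp and not garp:
        findings.append("third-party recorder depends on Gratuitous ARP, which is disabled")
    return findings


def audit_all(phones, **site):
    """Audit every phone and return only those with findings."""
    results = {name: audit_phone(s, **site) for name, s in phones.items()}
    return {name: f for name, f in results.items() if f}


# Constructed sample records.
SAMPLE_PHONES = {
    "phone-a": {"pc_voice_vlan_access": True, "span_to_pc_port": True, "gratuitous_arp": False},
    "phone-b": {"pc_voice_vlan_access": False, "span_to_pc_port": True, "gratuitous_arp": True},
    "phone-c": {"pc_voice_vlan_access": True, "span_to_pc_port": False, "gratuitous_arp": False},
}

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_PHONES).items():
        for finding in findings:
            print(f"{name}: {finding}")
```
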