C H A P T E R

4-1

Cisco IP Phone Authentication and Encryption for Cisco CallManager 4.0(1)

OL-5109-01

4

Phone Hardening

To tighten security on the phone, you can perform tasks in the Phone
Configuration window of Cisco CallManager Administration.

This chapter contains information on the following topics:

•

Disabling the Gratuitous ARP Setting, page 4-1

•

Disabling Web Access Setting, page 4-2

•

Disabling the PC Voice VLAN Access Setting, page 4-2

•

Disabling the Setting Access Setting, page 4-3

•

Disabling the PC Port Setting, page 4-3

•

Performing Phone Hardening Tasks, page 4-4

Disabling the Gratuitous ARP Setting

By default, Cisco IP Phones accept Gratuitous ARP, or GARP, packets. GARPs,
which are used by devices, announce the presence of the device on the network.
However, attackers can use these packets to spoof a valid network device; for
example, an attacker could send out a GARP that claims to be the default router.
If you choose to do so, you can disable Gratuitous ARP in the Phone
Configuration window of Cisco CallManager Administration.

Note

Disabling GARP does not prevent the phone from identifying its default router.