CCSP CSI Exam Certification: SAFE IP Telephony Design

Chapter Description

This chapter will help you prepare for the CCSP CSI Exam, with a focus on SAFE IP Telephony Design. Sample questions are included to help you study.

Foundation Summary

The "Foundation Summary" section of each chapter lists the most important facts from the chapter. Although this section does not list every fact from the chapter that will be on your CCSP exam, a well-prepared CCSP candidate should, at a minimum, know all the details in each "Foundation Summary" section before going to take the exam.

The SAFE IP telephony design fundamentals are listed here:

  • Security and attack mitigation based on policy

  • Quality of service

  • Reliability, performance, and scalability

  • Authentication of users and devices (identity)

  • Options for high availability (some designs)

  • Secure management

These axioms have been developed for SAFE IP telephony:

  • Voice networks are targets.

  • Data and voice segmentation is key.

  • Telephony devices do not support confidentiality.

  • IP phones provide access to the data-voice segments.

  • PC-based IP phones require open access.

  • PC-based IP phones are especially susceptible to attack.

  • Controlling the voice-to-data segment interaction is key.

  • Establishing identity is key.

  • Rogue devices pose serious threats.

  • Secure and monitor all voice servers and segments.

Table 19-6 shows the key devices in the medium-sized IP telephony Campus module.

Table 19-6 Key Devices in Medium-Sized IP Telephony Campus Module

| Key Device | Functions |
|---|---|
| Layer 3 switch | Routes and switches voice and data traffic within the module. |
| Layer 2 switch (with VLAN support) | Provides network connectivity to endpoint user workstations and IP phones. |
| Corporate servers | Provide e-mail and voice-mail services to internal users and provide file, print, and DNS resolution to workstations. |
| User workstation | Provides data services and voice services (through PC-based IP phones) to end users. |
| NIDS appliance | Provides Layer 4 to Layer 7 packet inspection. |
| IP phones | Provide voice services to end users. |
| Call-processing manager | Provides voice services to IP telephony devices in the module. |
| Proxy server | Provides data services to IP phones. |
| Stateful firewall | Provides network-level filtering for the call-processing manager and the proxy server. |


Table 19-7 shows the key devices in the large IP telephony Building module.

Table 19-7 Key Devices in Large IP Telephony Building Module

| Key Device | Functions |
|---|---|
| Layer 2 switch (with VLAN support) | Provides network connectivity to endpoint user workstations and IP phones. |
| User workstation | Provides data services and voice services (through PC-based IP phones) to end users. |
| IP phones | Provide voice services to end users. |


Table 19-8 shows the key devices in the large IP telephony Server module.

Table 19-8 Key Devices in Large IP Telephony Server Module

| Key Device | Functions |
|---|---|
| Layer 3 switch | Routes and switches voice and data traffic within the module. |
| Corporate servers | Provide e-mail and voice-mail services to internal users, and provide file, print, and DNS resolution to workstations. |
| Call-processing manager | Provides voice services to IP telephony devices in the module. |
| Proxy server | Provides data services to IP phones. |
| Stateful firewall | Provides network-level filtering for the call-processing manager and the proxy server. |