Comment Re:Hang on (Score 1) 90
I don't want to defend Cisco's laziness here, but there is a sort of logic to what they do - especially given all the VAR's that end up deploying these systems: the hardware / software is shipped so that it's easiest to deploy out of the box. A phone installation can go wrong in so many different places, it helps in troubleshooting and remote management to have everything open by default, and then start locking things down once it's running. This approach has obvious flaws, but the alternative would be a nightmare to deploy.
Given this situation, I think customers and VAR's need to be more conscious about security. Maybe Cisco could audit their VAR's to see how good they are at implementing the lock-down checklist. Or maybe they could provide such a checklist directly to the end customer.