I have been traveling and immersed in several projects for the last couple of weeks and on all clients I saw IP Phones and I can say that on all clients they where not secured. In fact as you can see in the attached picture I had all the info by just pressing some buttons. I have always give the advice to my clients but it tends to fall in to deaf ears. In fact when asking almost all the guys I know who administer VOIP infrastructures do not even encrypt RSTP stream!! and many have phones in lobby and conference rooms and exposed jacks that only use CDP as a means to acces the VOIP VLAN, voiphopper anyone?