What issues can arise if there are IP phones on a network that uses 802.1x? What if, behind the phones, there are connected PCs that share the same switch port?
Voice over IP (VoIP) telephony technology is beginning to replace traditional PBX (private branch exchange) telephony in the enterprise. Last year, SearchSecurity.com discussed Cisco's move toward quadplay convergence – putting data, voice, video and mobile communications on the same network. And you're right to question the security issues of such an arrangement.
When deploying VoIP on an 802.1x network, a significant issue is the use of the Ethernet port. Most VoIP phones provide this port so that a client PC can connect to the network. If you're using 802.1x, make sure that the switch is configured to allow multiple devices on the same port. Otherwise, only the first device to establish a connection -- the phone or the PC -- will be able to access the network.
You'll also need to take measures to protect against a new kind of eavesdropping threat. By placing your voice traffic on the same network as your data traffic, it's exposed to confidentiality risks not seen on a traditional voice network. Now, if your security controls aren't up to par, any computer on your network has the potential to become an eavesdropping device. For that reason, not only should VoIP traffic be placed on a separate VLAN, but you also need to consider the security of the VLANs themselves. Read Combining 802.1x and VLANs for advice on implementing VLAN segregation, or check out Popular VLAN attacks and how to avoid them for tips on securing your VLAN implementation.
Dig Deeper on Network Protocols and Security
Related Q&A from Mike Chapple
The HHS OCR ruled that healthcare ransomware attacks are HIPAA violations, so these covered entities need to react according to the HHS's guidance. ...continue reading
HIPAA regulations incorporate NIST guidelines and standards, so do healthcare organizations need to be compliant with both? Expert Mike Chapple ...continue reading
Now that NIST has deprecated the use of SMS 2FA, should nongovernment organizations follow suit? Expert Mike Chapple discusses the risks of SMS-based...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.