What issues can arise if there are IP phones on a network that uses 802.1x? What if, behind the phones, there are connected PCs that share the same switch port?
Voice over IP (VoIP) telephony technology is beginning to replace traditional PBX (private branch exchange) telephony in the enterprise. Last year, SearchSecurity.com discussed Cisco's move toward quadplay convergence – putting data, voice, video and mobile communications on the same network. And you're right to question the security issues of such an arrangement.
When deploying VoIP on an 802.1x network, a significant issue is the use of the Ethernet port. Most VoIP phones provide this port so that a client PC can connect to the network. If you're using 802.1x, make sure that the switch is configured to allow multiple devices on the same port. Otherwise, only the first device to establish a connection -- the phone or the PC -- will be able to access the network.
You'll also need to take measures to protect against a new kind of eavesdropping threat. By placing your voice traffic on the same network as your data traffic, it's exposed to confidentiality risks not seen on a traditional voice network. Now, if your security controls aren't up to par, any computer on your network has the potential to become an eavesdropping device. For that reason, not only should VoIP traffic be placed on a separate VLAN, but you also need to consider the security of the VLANs themselves. Read Combining 802.1x and VLANs for advice on implementing VLAN segregation, or check out Popular VLAN attacks and how to avoid them for tips on securing your VLAN implementation.
Dig Deeper on Network Protocols and Security
Related Q&A from Mike Chapple
Are nonprofit organizations, like higher education institutions, subject to FTC cybersecurity regulations and oversight? Expert Mike Chapple explains.continue reading
It's important for healthcare organizations to have a clear social media policy. Expert Mike Chapple explains what needs to be in the policy to stay ...continue reading
SOC 2 evaluations can be helpful tools for organizations assessing their HIPAA compliance, but companies should not solely rely on them. Compliance ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.