Information Security Magazine


Security Hang-ups
by Jeff Stutzman
Issue: Oct 2005

Making the call for VoIP
Is VoIP right for your company? You may want to put it on hold until you do the following:

Strategize. Where does your company want to be in five years? If you want to move toward a converged network, be sure to consider the operating limits of systems like voice, IPTV, data and CCTV cameras for surveillance. Gain a solid understanding of what your current infrastructure looks like, how it operates and how its users interact.

Assess the current infrastructure. If your network is in good shape before the implementation starts, chances are it can withstand the added strain of convergence. Build remediation and upgrades into your plan, and prioritize by risk and cost. Create the necessary underlying infrastructure to accommodate the new systems.

Engineer the solution. With VoIP, the threats are the same as in your standard data network, but are exacerbated by the need to adhere to a latency budget, port requirements and SIP signaling. Plan for the worst before it happens. If you have two call managers--one primary and one redundant--you should evaluate your options in case they both become infected.

Outline network operations. How will you provision services, monitor system activity and detect unauthorized devices in your new VoIP system? Consider the impact newly detected vulnerabilities might have on operations.

Prepare for outages. Incident response on a converged network is generally handled the same way as on a traditional data network, with the caveat that your company must be ready to accept the risk that telephone operations will be temporarily halted while remediation occurs. Therefore, have a plan for communicating downtime to your users.

Train yourself and your users. New skills--such as training in telephone dial plans, routing processes, signal implementations and how to interface with the public-switched telephone network--will be required to deal with telephony needs. Be sure to include training--and possibly hiring--for those necessary skill sets.

--Jeff Stutzman

Perimeter defense is a matter of latency.
In a traditional data network, you're free to add all the perimeter devices you need to feel secure. If you sense a threat, you can deploy a firewall, IPS or gateway defense without worrying if data packets will still arrive in a reasonable amount of time and without noticeable disruptions.

When you add VoIP to the network, every packet sent from your telephone has to be processed by every device on its route. Those extra layers of network protection now multiply the problem of latency--that is, the amount of time it takes a packet to travel the network from one endpoint (in this case, a telephone) to another. This is a problem.

In a standard VoIP implementation, the latency budget (the amount of latency allowed before call quality suffers) is less than 150 milliseconds. You must keep track of the amount of latency added to existing networks when you roll out new protection mechanisms. Every device that touches the packet on its route will add latency, so be judicious. Most networks can accommodate necessary security devices without adding more than 150 milliseconds of latency; make sure yours can.

Meanwhile, as networks continue to converge, you have to think ahead to devices carrying even greater demands. For instance, to provide the standard 30 frames-per-second of video performance, the network has a latency requirement of less than 20 milliseconds before the picture gets choppy. Plan for this. Make sure your network can handle its lowest common latency requirement. If you're already implementing converged networking to accommodate IPT, it will only be a matter of time before other devices and priorities are added.
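
The budget check described in this section, as an added example that is not part of the original article: it sums the 95th-percentile latency each inline device contributes and compares the total with the 150 ms voice and 20 ms video figures above. Device names and sample values are constructed for illustration, and summing per-device percentiles is a deliberately conservative assumption.

```python
from statistics import quantiles

# Budgets stated in the article: voice < 150 ms, 30 fps video < 20 ms.
BUDGET_MS = {"voice": 150.0, "video": 20.0}

# Constructed per-device latency samples in ms (illustrative, not measured).
CAMPUS_PATH = {
    "access-switch": [0.4, 0.5, 0.4, 0.6, 0.5],
    "firewall": [2.0, 2.5, 2.2, 3.1, 2.4],
    "dist-router": [3.0, 3.4, 3.2, 4.0, 3.3],
}
CANDIDATE_IPS = [6.0, 7.5, 6.8, 14.0, 7.1]  # constructed; note the 14 ms spike


def p95(samples):
    """95th percentile, so the budget is sized on bad moments, not the mean."""
    return quantiles(samples, n=20, method="inclusive")[-1]


def path_latency(path):
    """Sum the p95 latency of every device that touches the packet.

    Adding per-device p95 values overestimates the true end-to-end p95,
    which errs on the safe side for planning.
    """
    return sum(p95(s) for s in path.values())


def check_budget(path, services):
    """Return (total_ms, headroom per service, binding service).

    Negative headroom means over budget; the binding service is the one
    with the lowest latency requirement among those sharing the path.
    """
    total = path_latency(path)
    headroom = {svc: BUDGET_MS[svc] - total for svc in services}
    binding = min(headroom, key=headroom.get)
    return total, headroom, binding


def can_add(path, name, samples, services):
    """Would inserting one more inline device keep every service in budget?"""
    trial = {**path, name: samples}
    total, headroom, _ = check_budget(trial, services)
    return all(h > 0 for h in headroom.values()), total


if __name__ == "__main__":
    print(check_budget(CAMPUS_PATH, ["voice", "video"]))
    print(can_add(CAMPUS_PATH, "ips", CANDIDATE_IPS, ["voice"]))
    print(can_add(CAMPUS_PATH, "ips", CANDIDATE_IPS, ["voice", "video"]))
```

With these constructed samples the candidate IPS fits the voice budget but pushes the path past 20 ms once video shares it, a result the sample averages alone would hide.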

A Clear Connection
When phones go dead, it's a loud wake-up call of VoIP's security shortcomings.

But these concerns aside, VoIP is actually reducing IT operating expenses. The ROI can be significant, which means that, ready or not, you will likely be introducing some form of IPT soon. No implementation will be a success right out of the box, but as VoIP continues to evolve, the process will become more streamlined.

Before rolling out any new protocol or implementation on your data networks, you must understand the risks. Risk assessments of the current (pre-IPT) environment are necessary to understand and fix its vulnerabilities before potentially adding new ones. Also, make sure your existing network is built on best practices, and plan for worst-case contingencies. To ensure success, be certain that senior management knows the costs--as well as the benefits--of moving to this more robust network.

Once up and running, develop and implement a sound strategy for maintaining current patches and virus signatures for your VoIP system. When possible, disperse call manager clusters geographically; this will add integration costs, but will allow one call manager cluster to pick up the load if another goes down.

Security departments should consider installing an IPS in front of the call manager. Although expensive upfront, it will pay for itself quickly by blocking many of the security threats facing systems today. A rule-based IPS will work for the short term in lower-bandwidth networks, but, as more applications are converged, you're better off with a hardware-based IPS.

It's always a good idea to use redundant architecture. Doing so will drive up costs, but if you can't afford to be without phone service, built-in backups are the way to go.

VoIP is a scary investment fraught with security flaws. But, if you know where to start and how to keep your systems secure, it can be a great business solution.
