|
March 07, 2008
Going VoIP, the Safe Way
By Brian Solomon, TMCnet Web Editor
Convergence ( News - Alert) can reduce costs, improve quality, and simplify management. But as voice should exist on the network as yet another application, it poses new challenges to the enterprise and new potential security risks arise.
There is still a relatively low awareness throughout corporate America as to the various risks that can be posed by converged VoIP solutions. In a converged VoIP deployment, a single Ethernet cable provides both the phone service and the computer connection. As most IP  Phones have an Ethernet jack on the back to plug in the computer, this provides the enterprise cost savings on both cabling and moves/adds/changes. However, this same functionality can open up new security holes in the network. Outsiders can gain privileged access through publicly accessible IP phones, such as those found in lobbies, hotel rooms, and conference rooms. There is a possibility for unauthorized users to get to places that don’t belong on the network, and it is important for those deploying VoIP technology to understand the risks.
The “Voice VLAN” is a special access port feature of Ethernet Switches which allows IP Phones to auto-configure and easily associate to a logically separate VLAN. This feature provided various benefits, but one particular benefit is when the Voice VLAN is enabled on a switch port that is also enabled to allow simultaneous access for a regular PC. This feature allows a PC to be daisy chained to an IP Phone and the connection for both PC and Phone to be trunked through the same physical Ethernet cable.
Enabling Voice VLANs raises the complexity of properly securing these physical Ethernet ports. Enabling without the proper security controls in place can increase the risk to an organization. When implementing a VoIP network, it should not be assumed that the security of the IP Phones and Voice VLANs is assured in a default installation. Due to the simple nature of attacks and the potential critical losses that can result, VoIP Integrators should implement rigorous protection safeguards to these Ethernet ports, and test the Ethernet ports of connected IP Phones to ensure that they match the security goals of the environment.
Brian Solomon is a Web Editor for TMCnet, covering news in the IP communications, call center and customer relationship management industries. To see more of his articles, please visit Brian Solomon’s columnist page.
Don't forget to check out TMCnet’s White Paper Library, which provides a selection of in-depth information on relevant topics affecting the IP Communications industry. The library offers white papers, case studies and other documents which are free to registered users.
Internet Protocol (IP) | X | | IP stands for Internet Protocol, a data-networking protocol developed throughout the 1980s. It is the established standard protocol for transmitting and receiving data
in packets over the Internet. I...more |
Voice over IP (VoIP) | X | | A real-time communications system that converts voice into digital packets containing media and signaling data that travel over networks using Internet Protocol....more |
Ethernet | X | | An industry-standard network hardware specification (IEEE 802.3) developed by IEEE that offers dedicated network (and Internet) access. Standard Ethernet is half-duplex transmission system. That is, d...more |
(source: http://voipservices.tmcnet.com/feature/articles/22460-going-voip-safe-way.htm)
|
|
TMCnet LOGIN
Webinars
