Any time you introduce new features or products into your network, you must be aware that you may also be introducing new security threats. Technology is meant to be an asset to the business that increases productivity. Unification is all the buzz lately, and many applications on the network have become “unified”. This means that applications and resources on the network are integrating and seamlessly providing access through one interface.
Many businesses have seen the benefits that a VoIP phone system can provide and have migrated their older-generation systems to this new technology. But because VoIP runs over the data network, new security risks come with it. Because of this, many IT departments have chosen to segregate their voice networks from their data networks as much as possible.
But now many VoIP applications offer unified communications, which integrates many data applications on the network with your voice communications. This introduces many new ways for attackers to gain access to confidential information. Unified communications (UC) opens up your infrastructure so that users can collaborate and share ideas more easily. All this opens up the VoIP network to the data network and vice versa. VoIP now integrates with applications such as LDAP, email, and instant messaging. This means that network credentials can now be stolen through the VoIP network, and once those credentials are compromised, a much broader range of access can be gained. Softphone clients are common in UC implementations, and they provide one more point of access for attackers to take advantage of.
Still, while some of the more complicated attacks against UC in the application layer garner more attention, the more prevalent attacks are the lower network layer attacks that can deny service to VoIP networks. Protecting your network at the lower network layer can have a greater impact on your overall network security. When it comes to UC implementations, including security planning early in the development cycle can make it much easier to create a secure environment.
Sep 9
2 Responses
September 23rd, 2008 at 3:06 pm
After using WPA/AES or TKIP configuration for the past several years, our CIO is listening to the support center, and they say that the encryption makes things too difficult for users. So they are requesting that we run our LWAPP environment with no encryption turned on. I am looking for strong reasons to dissuade our CIO, who feels the pain of the support center more than valuing the security we have. Windows is our primary OS here and they say it is just too difficult to configure.
September 23rd, 2008 at 4:08 pm
Hi Sandy,
In what way does the encryption of your lwapp environment affect your end-users? You say it makes things difficult for them, but how? Typically when it comes to encryption over a network, it should be transparent for your end-users.
But one way that encryption can affect your users when it comes to VoIP is jitter. If your call center is experiencing jitter during calls and you believe it is due to encryption, you should make sure it is encryption causing it before making any decisions to ditch it. Jitter can be caused by any number of things, the least of which is network congestion.
Analyze your network to ensure that you aren’t overloading key nodes. If there are just too many calls being made at once for your network to handle, then you may consider dropping the call codec to a lower quality to reduce the traffic load. Doing this you could maintain your current security level while keeping your end-users happy.
QoS is also another option. One of the problems with unified communications is that you have more applications and data traversing the same infrastructure. This could cause some latency in time-sensitive transmissions such as VoIP. Come up with a QoS policy first to see if that helps with some of the jitter during heavy load periods.
If the network load isn’t high, and you feel the bottleneck is caused by the encryption endpoints that are handling encryption and decryption, then before ditching encryption altogether consider other options. Encryption over a wireless network is very important. I know you know this, but it is important to stress that to your CIO. He/she may not know how important it really is. It is your job as the resident expert to express your opinion on the matter of security to him/her. If you are running TKIP over the network, consider dropping the security level down to WEP before ditching encryption altogether. If the added encryption encapsulation and key randomization from TKIP is really what is causing the issues on your VoIP network, then using just WEP might remedy that. Sure, WEP is not very secure, but it is much better than nothing at all. You can also use a lower key strength, but I doubt that would gain you much.
I am not sure what part of the Windows configuration for your LWAPP is difficult (whether it is application configuration or network configuration), but you may want to look into configuring it through group policy to help with administration of it and to make it transparent for your users.
Balancing security with ease of use is always hard. But always try to push security to the decision makers who may not completely understand it. Better to push it on them now than wait for a security breach down the road and have them come back to you and ask why you didn’t push for higher security levels.
I hope I understood your question. If not, respond back and I will try again!
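The reply above advises confirming that encryption is really the source of jitter before dropping it. The following added example, which is not part of the original post or comments, computes the RFC 3550 interarrival jitter estimate for two test-call captures and compares them. The G.711 clock rate, 20 ms packetization, 5 ms decision threshold and all delay values are constructed assumptions.

```python
# Added example: RFC 3550 (section 6.4.1) interarrival jitter for two test calls,
# one with wireless encryption on and one with it off. All sample data is constructed.

CLOCK_RATE = 8000          # Hz, RTP clock of G.711 (assumed codec)
PTIME = 0.020              # seconds of audio per packet (assumed)
SAMPLES_PER_PACKET = 160   # CLOCK_RATE * PTIME

def interarrival_jitter_ms(packets, clock_rate=CLOCK_RATE):
    """packets: list of (arrival_time_seconds, rtp_timestamp). Returns jitter in ms."""
    jitter = 0.0
    prev_arrival, prev_ts = packets[0]
    for arrival, ts in packets[1:]:
        # D: change in transit time between consecutive packets, in RTP clock units
        d = (arrival - prev_arrival) * clock_rate - (ts - prev_ts)
        jitter += (abs(d) - jitter) / 16.0   # smoothing factor defined by RFC 3550
        prev_arrival, prev_ts = arrival, ts
    return jitter / clock_rate * 1000.0

def build_capture(extra_delays_ms):
    """Constructed capture: packet i is sent at i*PTIME and arrives extra_delays_ms[i] late."""
    return [(i * PTIME + delay / 1000.0, i * SAMPLES_PER_PACKET)
            for i, delay in enumerate(extra_delays_ms)]

def encryption_is_suspect(jitter_on_ms, jitter_off_ms, threshold_ms=5.0):
    """True only if jitter rises by more than threshold_ms (assumed value) with encryption on."""
    return (jitter_on_ms - jitter_off_ms) > threshold_ms

# Constructed queueing delays (ms) on a congested network, same load for both calls.
CONGESTION = [0, 12, 3, 25, 1, 18, 0, 30, 4, 22] * 5
CLEARTEXT = build_capture(CONGESTION)
# Encryption modelled as a constant 1 ms of extra processing per packet.
ENCRYPTED = build_capture([d + 1 for d in CONGESTION])

if __name__ == "__main__":
    on = interarrival_jitter_ms(ENCRYPTED)
    off = interarrival_jitter_ms(CLEARTEXT)
    print(f"jitter with encryption:    {on:.2f} ms")
    print(f"jitter without encryption: {off:.2f} ms")
    print("encryption suspect:", encryption_is_suspect(on, off))
```

A fixed per-packet processing cost adds latency but leaves the jitter estimate unchanged, so in this constructed case the jitter comes entirely from congestion and removing encryption would not help.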