Planning VoIP deployments

October 30, 2006, 10:15 AM —  WindowsNetworking.com — 


This article discusses management of the VoIP PBX and proposes that it be treated as another service to be comprehensively managed by the network administrator. It demonstrates how voice connectivity relates to data networks and how to implement a PBX effectively and securely within the context of a network infrastructure.


Convergence



Network administrators now have multiple, varied methods of communication running on their networks. Whilst services and protocols such as web and email (HTTP and SMTP) are well understood, and the techniques for securing them are widely known and discussed, understanding of VoIP is often lacking. With the convergence of voice and data networks comes the convergence of roles within an organisation. IT and Telecoms staff are not distinctly separate, and their roles can overlap. This can often lead to misunderstandings when staff make assumptions about systems they are not familiar with, in environments they are not used to.



This, however, does not mean that handling voice and data communications needs to be complex and hard to understand. In fact, because of this convergence, and because VoIP necessarily uses IP, which is also the basis for our data network, we need not treat VoIP infrastructure any differently from our data infrastructure. By looking at common network setups we will see how easy it is to design a secure and stable VoIP infrastructure using principles similar to those employed in the design of data networks. The principal example we will discuss here is that of Front End and Back End servers, common in e-mail amongst many other applications.



The entry points


When discussing the security and accessibility of a service within a network, a lot of our focus is on the entry points. Questions we should be asking ourselves include:



Where are our users?

- They are on the Internet, PSTN, Internal Voice and Internal Data networks



Where are our threats?

- Every connection point could pose a threat to the others



What connectivity is there between servers and services?

- Incoming and outgoing VoIP over the Internet from/to the PBX (SIP, H.323, IAX, RTP, etc.)

- Incoming and outgoing calls over the PSTN, via ISDN/T1/E1/POTS

- VoIP clients on the internal data network using the VoIP protocols listed above

- Analogue and digital telephones on the internal voice network
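
As an added illustration (not part of the original article), the connectivity inventory above can be written down as an allow-list and used to audit the firewall rules placed around the PBX. The zone names, the RTP port range and the sample rules are assumptions made for this example; the other ports are the protocols' registered defaults.

```python
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    src: str          # source zone
    dst: str          # destination zone
    transport: str    # "udp" or "tcp"
    lo: int           # first destination port
    hi: int           # last destination port
    action: str       # "allow" or "deny"

# Default ports for the protocols the article lists. The RTP media range
# is deployment-specific; 10000-20000 is an assumed value.
VOIP_PORTS = {
    "SIP":   [("udp", 5060, 5060), ("tcp", 5060, 5061)],
    "H.323": [("tcp", 1720, 1720)],
    "IAX":   [("udp", 4569, 4569)],
    "RTP":   [("udp", 10000, 20000)],
}

# IP zone pairs from the inventory (zone names are hypothetical). PSTN lines and
# analogue/digital phones terminate on telephony interfaces, not IP, so are absent.
VOIP_PATHS = {("internet", "pbx"), ("pbx", "internet"),
              ("data_lan", "pbx"), ("pbx", "data_lan")}

def covering_protocol(transport: str, lo: int, hi: int) -> Optional[str]:
    """Name the VoIP protocol whose port range fully contains lo..hi, if any."""
    for name, ranges in VOIP_PORTS.items():
        for t, r_lo, r_hi in ranges:
            if t == transport and r_lo <= lo <= hi <= r_hi:
                return name
    return None

def audit_rule(rule: Rule) -> Optional[str]:
    """Return a finding for an allow rule that exceeds the inventory, else None."""
    if rule.action != "allow":
        return None
    if (rule.src, rule.dst) not in VOIP_PATHS:
        return "allows a zone pair with no listed connectivity"
    if covering_protocol(rule.transport, rule.lo, rule.hi) is None:
        return "port range is wider than any listed VoIP protocol"
    return None

# Constructed sample rule set, not taken from any real device.
RULES = [
    Rule("internet", "pbx", "udp", 5060, 5060, "allow"),
    Rule("data_lan", "pbx", "udp", 4569, 4569, "allow"),
    Rule("pbx", "data_lan", "tcp", 1, 65535, "allow"),
    Rule("internet", "data_lan", "udp", 5060, 5060, "allow"),
    Rule("internet", "pbx", "tcp", 22, 22, "deny"),
]

def audit(rules):
    """Pair each offending rule with its finding."""
    checked = [(r, audit_rule(r)) for r in rules]
    return [(r, finding) for r, finding in checked if finding]
```

Running `audit(RULES)` reports the two rules that go beyond the inventory: the any-port rule from the PBX into the data network, and the rule that lets Internet traffic bypass the PBX entirely.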



There are other points to consider, but generally we are worried about connectivity, ways in/out of our network and who might be using them. The ideas and techniques employed in the pursuit of data security on IP networks relate directly to a VoIP PBX. Our major added complexity is the fact that the PBX may be the terminating equipment on a telephone line. The consequence of this is that we must treat this device as we would any other such device (such as our border router) exposed to a public network. Therefore, we must not trust traffic at this point and would want to have a firewall and/or intrusion detection system between the device and the rest
