
Advice – Communications for Enterprise

Let’s address some points that IT managers should take into consideration when looking at packetized communications for their Enterprise.  Below are the highlights and my thoughts:

Highlights

Look For SIP Support

I couldn’t agree more!  SIP is a protocol used to establish, modify, and tear down communication sessions, among other things.  It’s very diverse and relatively simple when compared to past mechanisms.  Most importantly, it has become the de facto standard within the world of telephony.  Nearly all the major vendors that supply VoIP gear (Cisco, Avaya, Siemens, Microsoft) offer native SIP support.

Consider The Benefits Of Hosted PBX

This topic has been discussed numerous times in the past, and even before that within a TDM context (PBX vs. Centrex).  The thing that’s different within an IP context is the features and functionality available.  When comparing a PBX to a Centrex offering, one key difference was the additional features and functionality in a PBX.  Centrex offerings didn’t have the same “whiz-bang” features.  In today’s Hosted Telephony offerings, there’s near feature parity, so the key determining factor becomes cost of ownership.

Think Unified Communications

VoIP (or Telephony) MUST be seen as a stepping stone to the ultimate goal of Unified Communications.  IT managers should consider the roadmap to UC when choosing a Telephony solution.  Real-time communications need to become multi-modal, meaning there should be options to transition communications from IM to voice to video to online collaboration on a document, and then back again – all within the same context and within a common look/feel.

Traversing NAT

Though Network Address Translation (NAT) is well known to negatively impact SIP sessions, the real point of consideration for the IT Manager here is whether to deploy a Session Border Controller (SBC) within their Enterprise as part of an overall design.

Know & Apply Codecs

There are more ways to packetize voice and video communications than one can shake a stick at.  The author points out the predominant technologies of G.711 and G.729.  Bandwidth consumption and the quality of the user’s experience must be balanced.  Generally speaking, the more bandwidth consumed, the better the experience.  But the more bandwidth used, the greater the cost to upgrade the LAN/WAN infrastructure to accommodate it.  If you skimp on cost, the result will be poor quality, and then adoption and experiences will suffer.  It’s a delicate balancing game.

Some further comments:

• Make sure to have 100k in bandwidth free and available for every conversation when determining whether the enterprise really has enough bandwidth for VoIP.  With multiple calls made from one location, a simple DSL connection won’t cut it.

• Get VoIP phones that are both wired for Ethernet and wireless for Wi-Fi connectivity. That way, people can wander, and all internal calls within the building are free of charge because they stay on the network. Check the mobile VoIP solutions; a few of them even work without needing a data plan.

• Make sure the vendor is going to be around to support the purchase.  An older vendor with roots, commitments, and financial means is an obvious choice. A new vendor with strong management, skills, and reputation who proves out through considered research can also be a sharp choice.

Better pay attention – Identity and Security

What happens when you get a letter in the mail and it appears to be tampered with?  I don’t know about you, but I either think that it got mangled in the postal sorting machines, or someone has been tampering.  I don’t immediately assume that it’s tampered with, as I am not that important of a person. But there are a few “less than desirable” folks I have come across in my travels that necessitate thinking that way at times. If I suspect that it has been tampered with, I have the ability to complain to the US Postal Service (or whoever the carrier is) and start an inquiry.  There’s a certain level of accountability.

Telecommunications accountability

With telecommunications, accountability is less effective.  Say your phone rings – do you assume that someone is listening in on your phone call?  Probably not, unless you are in a similar profession to Tony Soprano.  The fact of the matter is this – people’s historical sense of security, or assuredness regarding source and point-to-point communications, must be questioned.  I don’t mean to sound like a harbinger of doom, but this questioning comes as a result of modern technology.  Let’s take the simple example of receiving a phone call.  Your phone rings.  The name of the person calling you is displayed on the phone’s screen.  It’s your Mother’s name, or her phone number.  Most of us would proceed with answering the call expecting the person on the other end to be our Mother.  Now, this leap of faith might be questioned if the masses understood the ease of “spoofing” this data.  Meaning, people can pretend they are your Mom just to get you to answer the phone.

Telemarketing companies are very savvy at employing such techniques.  They realize that if the caller ID displays “ABC Telemarketing Company”, the odds of the phone being answered decrease tremendously.  But what if the caller ID were something more ambiguous, like “out of area”?  Well, they did just that; then the FTC mandated that they stop the “out of area” practice and start displaying their phone number and, if possible, company name.  Frankly, that didn’t do much, as most people just lumped the “out of area” calls in as telemarketing calls anyways.  At least that’s what I did.  This is really just a ‘cat and mouse’ game between the FTC/FCC and the telemarketers.  To keep things ambiguous, most telemarketers elected to just provide their phone number to display.  While not ideal for concealing the identity, it’s better than having “ABC Telemarketing Company” displayed.

In fact, because I am from Michigan, I usually accept most phone calls from any area code in Michigan because I don’t know whose phone might have changed – so I elect to answer rather than pass the call to v-mail.  The constant balancing act our governing bodies must play between protecting free-market interests (read as commerce/business) on the one side, and protecting constituents on the other side, necessitates that we be more vigilant.

Phone calls (not only VOIP)

Back to the comparison of receiving a parcel versus a phone call.  If I get a package from my friendly postal worker in the mail, I know for certain that the package was carried from the sender to me by the courier (UPS, FedEx, etc.).  When it comes to phone calls, the only thing we can be certain of is that the last part of the call was carried by my phone company.  The reality is that most phone calls, regardless of the technology, are carried by multiple phone companies.  Out the window goes any accountability.  Say I received a call, and heard someone other than the person calling me start singing a song (rare I know, but definitely possible), how can I determine where or how this intrusion took place?  I would start with my phone company, for sure, and if the breach into our conversation happened within the administrative domain of my phone company, there might be something that could be done.  The odds of that being the case aren’t great, though, and pinpointing where the breach occurred could very well be impossible.  The routes or paths that phone calls take over the telephone network change so frequently that oftentimes placing, say, five simultaneous calls to the same destination might take five different paths through the network.  It’s the way things are.  Add to this situation the different technologies used, like VoIP versus TDM, and any end-to-end reconstruction is arguably impossible.
 
At the end of the day, what this means to “Joe consumer”, as a politician would put it, is that you can’t trust the source, or the path phone calls take through the Public Switched Telephone Network (PSTN), with any level of certainty.  This is an unfortunate truth of the world we operate in today.