- Nokia's new N97 vs. the iPhone
- 10 Microsoft research projects
- Hard to get justice in MySpace case
- Smartphone smackdown: Storm vs. iPhone
- Apple removes antivirus support page
If your company is planning to exploit the incredible power, flexibility and cost savings offered by VoIP , there are two things you need to know: VoIP people don't think like IP people; security is going to be a nightmare.
Recently I spoke with the leading VoIP folks from around the world. This elite group represents VoIP subsidiaries and working divisions of something like 94% of the planet's telecom service providers. I got called in to provide an in-context and out-of-context view of VoIP and security. I began with a couple of easy, soft-pitch questions. Or so I thought.
"How many of you use penetration testing as means to maintain the integrity and continually test the security of your VoIP networks?" I asked. Not one hand went up. I figured there was a language problem, so I rephrased the question. "How many of you have a dedicated staff of security people whose sole job is to stress the network to find problems before the customer does?" Again, no hands were raised.
After recovering from my shock, I asked, "Why don't you?" The most common response was, "Why should we?"
That's when I retreated to the security basics. I talked about how denial of service and distributed DoS can paralyze VoIP, and about data-transfer integrity, and asked, "What are you guys doing about this?" They shrugged.
The VoIP community has not travailed with us for the last 25 years and learned the lessons of virtual venom and online conflict. Their biggest concerns are, first, QoS (they get paid more and earn greater profits when the QoS is high; they lose points and money when QoS is low) and, second, billing accuracy.
Historically the endpoints of communications have been dumb. One lesson the IP world has learned is that complexity breeds insecurity; dumber is securer.
But the world the VoIP crowd is building uses endpoints that are much smarter. Therefore, the VoIP version of security is bass-ackwards from the IP approach. And you're planning on bringing VoIP into your enterprise? Hmmm.
Next, I asked this group of now-nervous VoIP nellies, "Can any of you tell me where your VoIP and data networks meet, converge, talk to each other, share facilities, etc.?" Silence. I rephrased the question: "How do your VoIP and data networks talk to each other?" Still sort of blank stares.
Rss FeedRss Feed
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 The Leader in Network Knowledge© 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
The Foundry Enterprise Advantage
Foundry Networks, Inc. (NASDAQ: FDRY) is a leading provider of high-performance enterprise and service provider switching, routing, security and Web traffic management solutions. Foundry's customers include the world's premier ISPs, metro service providers, and enterprises.
For further information on Foundry Networks please click here.
Leveraging the Advantages
of a Multi-vendor Network Strategy
Today's enterprise network provides more than simply a technology infrastructure. It's an enabler for the enterprise, supporting mission critical applications, creating operational efficiencies and increasing productivity gains. Foundry Networks provides the ideal foundation for a multi-vendor network.
Click here to view whitepaper!
Comment