“The Arkoon solution has allowed us to deliver access to our information systems for external users.”
La Rochelle city council
Security Skype
Security Skype, Arkoon.
Voice over IP vulnerabilities need to be addressed both internally and externally,
without forgetting the basics - UPS, backup telephone lines, and redundancy
for critical equipment and public network connections.
GLOBAL PROTECTION
Protecting voice and data convergence requires a four-pronged approach.
Firstly, network traffic needs to be managed and segmented according to
type, to keep control of VoIP. “Official” voice traffic, which
we can define as that supported by the corporate PBX, needs to be distinguished
from voice carried by non-official tools and protocols such as Skype.
To do this we need to analyze in depth the content of the IP packets.
Secondly, reactivity: we need to be able to interrupt calls both during
the call setup phase and during the ongoing call – an authentication
problem or modification of the codec during a call, for example, might
be a security risk.
Collaborative security is the third aspect to consider. Information needs
to exchanged in real time between core network equipment and the PBX and
its peripherals, to interrupt illicit calls, telephone spamming, war dialing,
or any of the other threats the telephone system is faced with.
Finally we need to ensure implementation of QoS policies which ensure
the VoIP traffic is appropriately prioritized. This should only take place
after the security issues have been addressed, to ensure that our QoS
is only being applied to, and only benefits, authorized VoIP traffic.
