Cisco, Avaya respond to our Tester's Challenge on VoIP security tools

Tester's Challenge Network World
June 21, 2004 12:13 AM ET

. What's this?

In our most recent Tester's Challenge published late last month, Network World Lab Alliance partner Ed Mier charged that VoIP vendors - Cisco and Avaya, in particular - need to simplify the state of securing VoIP networks. Specifically, Mier called on vendors to make VoIP security education and technical assistance more readily available and to offer better tools for setting global VoIP security parameters.

In their formal responses printed here, Avaya and Cisco agreed with Mier's assertions in general, but were quick to defend measures they've already taken in these directions. What neither company offered, though, were detailed plans for improving the overall state of VoIP security.

Cisco's response

To successfully protect an organization, security must be fully integrated into all aspects of the network. This is the essence of the Cisco Self-Defending Network strategy for information security.

The unique Cisco security model proactively addresses the challenges associated with securing integrated data, voice and video through focus on three key aspects of information security: secure connectivity, threat defense, and trust and identity management. While voice and video have unique requirements, the results of this evaluation clearly showed that the Cisco integrated, multi-layer approach to security can make IP-based voice very secure.

Related Content

It's important to note that most of the security tools Cisco used in the VoIP security test already should be part of any organization's network security strategy, and there is no additional cost for any of the voice-specific tools.

Cisco agrees that designing and implementing security must be simplified. We are committed to making improvements in this area, using both education and tools.

Education and assistance include:

• Currently Cisco documents best practices and hardware and software configurations in its SAFE blueprints.

• The Cisco Security Certification provides best-of-class training and exams. The Cisco Security Specialization Program recognizes the Cisco Channel partners who are best prepared to install and support secure network solutions.

• Cisco sponsors worldwide "Networkers" conferences for customers, with security tracks providing detailed training on security issues and best practices.

Simplified tools and interfaces

Cisco has many tools designed to simplify configuration and installation of its products to make critical security functionality more accessible. These tools are being continuously enhanced with voice-specific features. Available Cisco tools include:

• Cisco AutoQoS features in both CatOS and IOS software automatically configure network QoS parameters for VoIP according to Cisco's best practices.

• Cisco AutoSecure is a new IOS Software feature that incorporates a "one touch" device lockdown process, enabling rapid implementation of critical security policies and procedures.

• Cisco Smartports is a feature for all Catalyst switches that simplifies the configuration of critical features for Ethernet. Smartports assists Cisco IP Telephony configuration via pre-tested switch port configurations or "macros" recommended by Cisco best practices.

• Cisco Security Agent provides "day zero" threat protection for server and desktop computing systems. It combines host intrusion prevention, distributed firewall, malicious mobile code protection, operating system integrity assurance and audit log consolidation all within a single agent package.

Conclusion

As our performance in Network World's recent VoIP security test showed, Cisco understands how to build secure networks for voice, video and data. While more work remains to be done, Cisco already has taken innovative steps to simplify the configuration process while at the same time adding more comprehensive security features.