Skip Links

Network World

Matthew Nickasch

Securing the Line Part 1 - Layered Security Approach

By Matthew Nickasch on Fri, 08/22/08 - 9:11am.
Newsletter Signup

Most IT professionals are familiar with, and practice the idea of "layered security approaches." This idea literally states that multiple layers of protection are required to effectively secure any system, network, or service. Especially with the advent of converged networks, IP telephony, and unified communications, this now applies directly to the telecom field as well.

As you may have recently read, I've discussed VoIP and telecommunications security many times on the blog before. With the new Securing the Line feature, I plan to delve into each "layer" of potential security vulnerability and recommend strategies, architectures, and even solutions that will make any converged network more secure.

It's incredibly important to note that no solution is a good solution unless it has been compared and contrasted with others. For this, before considering any vulnerability or "weak spot" in any system, it is important to analyze the environment as one system. This system is made up of many components that traverse many networks and individual systems, which may extend across the world. One vulnerability or weakness in one component, and the entire network or system can be affected. With a layered approach, there are multiple "checks and balances" to handle such large-scale vulnerabilities.

So, before we dive into the world of Voice VLANs, common TCP-style attacks against converged networks, NAT, DMZs, VPN architecture, etc, remember to analyze your infrastructure as a group of many devices that make it work. In the next post, we'll begin to discuss proactive convergence security through the use of segmentation and Voice VLANs.

Happy Friday everyone! Be sure to check in with Considering Convergence this afternoon for some discussion on Cisco's SMB IP Communications Portfolio.

Coming Up on "Considering Convergence":
- Afternoon Newsbreak : Cisco's SMB IP-PBX Push
- "Securing the Line" : Voice Network Segmentation

Welcome, visitor. Register Log in
About Considering Convergence
Matthew Nickasch is an independent consultant and analyst in the IP communication and convergence fields. His current and previous consulting experience includes systems architecture, virtualization, telecommunications, and converged networks for the financial, education, and healthcare industries. In addition to his consulting responsibilities, he has been active in the research realm, recently publishing and presenting on topics including routing protocol security and ERP and transactional database auditing. While his interests include directory services and corporate compliance, Nickasch's focus is on converged networks and IP communications.
Blog Roll
Inside the Asterisk
http://blogs.digium.com/
Nearpoints
http://www.networkworld.com/community/mathias