In their formal responses printed here, Avaya and Cisco agreed with Mier's assertions in general, but were quick to defend measures they've already taken in these directions. What neither company offered, though, were detailed plans for improving the overall state of VoIP security.In their formal responses printed here, Avaya and Cisco agreed with Mier's assertions in general, but were quick to defend measures they've already taken in these directions. What neither company offered, though, were detailed plans for improving the overall state of VoIP\u00a0security.Cisco's responseTo successfully protect an organization, security must be fully integrated into all aspects of the network. This is the essence of the Cisco Self-Defending Network strategy for information security.The unique Cisco security model proactively addresses the challenges associated with securing integrated data, voice and video through focus on three key aspects of information security: secure connectivity, threat defense, and trust and identity management. While voice and video have unique requirements, the results of this evaluation clearly showed that the Cisco integrated, multi-layer approach to security can make IP-based voice very secure.It's important to note that most of the security tools Cisco used in\u00a0the VoIP security test\u00a0already should be part of any organization's network security strategy, and there is no additional cost for any of the voice-specific tools.Cisco agrees that designing and implementing security must be simplified. We are committed to making improvements in this area, using both education and tools.Education and assistance include:\u2022 Currently Cisco documents best practices and hardware and software configurations in its\u00a0SAFE blueprints.\u2022 The Cisco Security Certification provides best-of-class training and exams. The Cisco Security Specialization Program recognizes the Cisco Channel partners who are best prepared to install and support secure network solutions.\u2022 Cisco sponsors worldwide "Networkers" conferences for customers, with security tracks providing detailed training on security issues and best practices.Simplified tools and interfacesCisco has many tools designed to simplify configuration and installation of its products to make critical security functionality more accessible. These tools are being continuously enhanced with voice-specific features. Available Cisco tools include:\u2022 Cisco AutoQoS features in both CatOS and IOS software automatically configure network QoS parameters for VoIP according to Cisco's best practices.\u2022 Cisco AutoSecure is a new IOS Software feature that incorporates a "one touch" device lockdown process, enabling rapid implementation of critical security policies and procedures.\u2022 Cisco Smartports is a feature for all Catalyst switches that simplifies the configuration of critical features for Ethernet. Smartports assists Cisco IP Telephony configuration via pre-tested switch port configurations or "macros" recommended by Cisco best practices.\u2022 Cisco Security Agent provides "day zero" threat protection for server and desktop computing systems. It combines host intrusion prevention, distributed firewall, malicious mobile code protection, operating system integrity assurance and audit log consolidation all within a single agent package.ConclusionAs our performance in Network World's recent VoIP security test showed, Cisco understands how to build secure networks for voice, video and data. While more work remains to be done, Cisco already has taken innovative steps to simplify the configuration process while at the same time adding more comprehensive security features.Avaya's responseAvaya provides a holistic approach to securing converged communications based on a Trusted Communication Framework. This framework delivers applications, systems and services that protect multi-vendor converged networks.Avaya's IP telephony systems are infrastructure-agnostic. On Layers 2 through 5, customers can employ a configuration identical to the one supplied by Cisco in the Network World test. As noted in the test results, we also support Real-Time Transfer Protocol encryption in Layer 6, which extends to the entire line of Avaya's IP phones, and our latest release of Communication Manager supports signaling encryption for our distributed media gateways.As for the issues raised in the recent Tester's Challenge, we agree with Ed Mier that the industry must continue to prioritize VoIP security. Our response is segmented to address the three areas he touches on.Assessment, management and monitoringAccording to Avaya research, more than half of all companies want some form of security assistance. Avaya offers consulting services that help companies assess network readiness, security and business continuity. We team with leading security vendors to deliver managed security services, providing firewall management and anti-virus protection in any multi-vendor network. Avaya also offers 24-7 remote security monitoring, enabling assistance for security deployment, including risk assessment\/management.EducationAvaya has an aggressive program to educate companies on securing converged communications. Avaya also offers security seminars, Webinars, white papers, security advisories and\u00a0sponsors events\u00a0such as the Gartner Security Summit and NetSec 2004.We have security tools that are easy to use. It is Avaya's philosophy that brute-force solutions requiring an expensive army of security experts is not what customers need. Our security management architecture (Avaya VPN Manager) lets a small group cost-effectively define security policies by using tools that:\u2022 Provide centralized security policy and configuration to firewall and VPN devices.\u2022 Simplify setup with firewall templates and VPN wizards, including check-box activation of IP telephony firewall proxy and network address translation services.Additionally, Avaya Installation Wizards guide users through IP installations. In the future, our Wizards will be extended with centralized provisioning tools.Headed toward the futureAvaya believes that the future of converged communications will evolve toward a model supporting greater mobility and wireless communications. As a result:\u2022 Avaya will implement a flexible, multi-layered authentication framework that supports emerging security standards that establish trust between users and devices for secure user communications from any location.\u2022 Future security management should accommodate unified identity management solutions combining mobile user profiles and self-contained security. Avaya will look to standards when building its own solutions and partnerships.\u2022 Future security implementations need to focus on industry-standard security certifications such as IEEE, IETF and the International Telecommunication Union, and groups such as the Network Integrity Consortium, in which Avaya participates.