* Aruba takes on VoIP security vulnerability

Last time, I pointed out that the wireless LAN industry – standards groups and vendors alike – has been working to pave the way for high-quality, secure VoIP calls to run on 802.11 networks. Doing so involves many factors.

In the last newsletter, I discussed recent efforts to reduce latency as users roam to accommodate voice’s persnickety low-delay requirements. This time, I’ll discuss one vendor’s attempt to secure networks against wireless VoIP phones being spoofed.

Most 802.11 telephony devices are not yet Wi-Fi Protected Access (WPA)-certified. Rather, most run the older Wired Equivalent Privacy (WEP) security protocol. WEP does not include user authentication or dynamic encryption keys, which is why it was deemed unfit for enterprise-class 802.11 networks and replaced with WPA.

So as WEP devices, wireless VoIP handsets can be considered the “weak link” in the WLAN security infrastructure. The issue isn’t so much protecting the sanctity of phone conversations as it is to guard against the potential for VoIP phones to masquerade as a data device and become a network security hole.

For its part, Aruba Wireless Networks has added a stateful firewall to its WLAN switch AirOS management software. The software can inspect a packet header (and follow an application flow across dynamic Layer 4 ports) to verify that traffic being generated from a given device is indeed a voice flow. This prevents a data device from spoofing a VoIP handset and potentially injecting harmful packets into a network, says Keerti Melkote, Aruba’s vice president of product marketing.

The same approach applies in the case of a softphone – a telephony application running on a PC that renders the PC both a data device and a phone. The stateful flow classification capability looks in the IP header and determines whether a packet’s payload is voice or data.
In addition to security, this has quality-of-service (QoS) benefits, in that softphone traffic can be prioritized across the network ahead of data traffic generated by the same device. Generally, it’s the device itself – the handset – that automatically marks packets for high priority by virtue of the fact that it is a physical phone. In the case of a PC that is acting both as a data and voice device, though, another capability is required to distinguish between the two flow types.
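
To make the stateful classification described above concrete, here is an added sketch; it is not Aruba's code and not part of the original newsletter. It assumes SIP signaling with an SDP media line (the article names no protocol), and the `FlowClassifier` class, the role names, the addresses and the sample messages are all hypothetical.

```python
import re
from dataclasses import dataclass, field

SIP_PORT = 5060  # assumption: SIP signaling; the article names no protocol
MEDIA_RE = re.compile(r"^m=audio (\d+) RTP/AVP", re.M)  # SDP media line

@dataclass
class FlowClassifier:
    call_server: str                 # hypothetical call-server address
    roles: dict                      # device IP -> "handset" or "softphone"
    pinholes: set = field(default_factory=set)  # (device IP, UDP port)

    def classify(self, src, dst, proto, sport, dport, payload=""):
        """Return 'voice', 'data' or 'drop' for one packet from src."""
        role = self.roles.get(src)
        if role is None:
            return "drop"            # unknown device: default deny
        if proto == "udp" and dst == self.call_server and dport == SIP_PORT:
            if payload.startswith("BYE "):
                # Call ended: close this device's media pinholes.
                self.pinholes = {p for p in self.pinholes if p[0] != src}
            else:
                m = MEDIA_RE.search(payload)
                if m:                # follow the flow to its dynamic port
                    self.pinholes.add((src, int(m.group(1))))
            return "voice"
        if proto == "udp" and (src, sport) in self.pinholes:
            return "voice"           # media on a port signaling announced
        # Not part of a tracked voice flow: a softphone PC may send data,
        # a handset may not, so a data device posing as one is cut off.
        return "data" if role == "softphone" else "drop"

# Constructed sample input (addresses and messages are made up).
INVITE = ("INVITE sip:bob@example.test SIP/2.0\r\n\r\n"
          "v=0\r\nm=audio 49170 RTP/AVP 0\r\n")
BYE = "BYE sip:bob@example.test SIP/2.0\r\n\r\n"

def demo():
    fw = FlowClassifier("10.0.0.5", {"10.0.1.20": "handset",
                                     "10.0.1.30": "softphone"})
    return [
        fw.classify("10.0.1.20", "10.0.0.5", "udp", 5060, 5060, INVITE),
        fw.classify("10.0.1.20", "10.0.2.9", "udp", 49170, 40000),
        fw.classify("10.0.1.20", "10.0.2.9", "tcp", 51000, 445),
        fw.classify("10.0.1.30", "10.0.2.9", "tcp", 51000, 443),
        fw.classify("10.0.1.20", "10.0.0.5", "udp", 5060, 5060, BYE),
        fw.classify("10.0.1.20", "10.0.2.9", "udp", 49170, 40000),
    ]

if __name__ == "__main__":
    print(demo())
```

The "voice" verdict is what a QoS stage would prioritize, while "data" from the same softphone PC is forwarded at normal priority.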