Section 10.7. Key Issues: Security and Monitoring


10.7. Key Issues: Security and Monitoring

  • Security in traditional telephony is quite limited and much less effective than that of modern data systems. Security in IP telephony applications is infinitely controllable and expandable due to its basis in software

  • Snooping and phreaking are fairly easy in traditional telephony environments

  • Call detail records and call accounting can provide forensic data when investigating an instance of system abuse

  • A properly configured and well- tested dial-plan is a good way to prevent anonymous abuse

  • Credentials and authentication are often required in order to use IP telephony applications, just as they are required to use other kinds of applications

  • MD5 hashing is a good way to hide passwords from casual observation, and most SIP implementations support authenticating endpoints using MD5-encrypted credentials

  • Media encryption can stop would-be eavesdroppers from listening in on your VoIP conversations

  • Software maintenance is crucial with VoIP servers in order to avoid virus and worm attacks that exploit known vulnerabilities.

  • Hardening VoIP servers is important, just as it is in any other mission-critical application

  • Removing unnecessary software and optimizing local firewall policy are two elements of hardening a server

  • DMZs can provide limited, controlled access to a softPBX from the Internet and from a private network. A server on a DMZ is a bastion host

  • Intrusion prevention is accomplished through regular testing for known vulnerabilities and through vigilant monitoring of logs

  • iptables can be used to configure VoIP-specific logging with the help of syslog. To read VoIP logs from syslog in Red Hat Linux, use the dmesg command

  • SNMP can be used to assist you in monitoring a VoIP network

  • Packet-log reading can be used to "dig deeper" when you suspect illicit access on your network



Switching to VoIP
Switching to VoIP
ISBN: 0596008686
EAN: 2147483647
Year: 2005
Pages: 172

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net