How often have you come across a situation when you were asked about the security aspect of the Cisco IP Telephony solution you have designed, implemented, or operated? A good guess would be - multiple times at multiple occasions.
When organizations adopt Cisco IP Telephony / Unified Communication solutions, they seldom think about securing - what's about to become an asset for their organization. With communications, everything is lost from employee communications to consumer interactions to vendor negotiations, all comes to a halt. Amidst rapid technology growth and increasing demand for 'anytime, anywhere' connectivity to corporate networks, securing communications is the first and last line of defense.
So, the next question is, what keeps organizations away from thinking about securing their communications network or channels? The answer is not trivial however, not too complex to be understood. The majority of reasons could be:
1. Lack of management support in terms of financial support, man power, scarcity of resources
2. Improper planning - leading to multiple security issues during deployment or operation of an IP Telephony network
3. Blind-siding the security aspect by virtue of in confidence to secure a relatively new technology
It is sad but true that more often than not, IP Telephony is paid much less attention than it is due for. Moreover, organizations are ready to take upon risks rather than implementing the right set of security controls to deter attacks.
With that said, it is not a perfect world and not everything works out as desired. But that should not stop you to make sure that you and your organization go that extra mile and do the needful to secure the corporate voice communication medium.
How to start, you may ask? There's no black and white however, certain essential elements should pave a path to ensure that you have a plan which can be put into practice.
1. Ensure you have appropriate know how of recent and past security incidents in your organization's data/voice network.
2. Have a plan in order to address any and all issues that may pop-up during your journey to secure the IP Telephony network.
3. Make sure that you get the management buy-in and support by making them aware of criticality of the IP Telephony network's outage/unavailability/misuse.
4. Form a strategy which can be implemented in your environment. The security policy should be formulated in a way that it is generic overall however, more specific to IP Telephony network, applications, and endpoints.
5. Ensure that you sort out the security controls which should be implemented at various levels (network, application, endpoint, third party servers etc.).
6. Have an idea of what is the cost of security (cost of security is the cost of not applying a security control or construct and assuming a risk, which eventually becomes a real threat) and balance it out with risk, effort, and, complexity.
7. Once the security strategy is formulated, you can start at network level or start at network and application level simultaneously i.e. to apply the security controls previously chalked out.
8. Upon application of security controls, test the network for its responsiveness and stability.
9. Prepare your IP Telephony network for secure management (could e leveraging secure protocols, out of band management, and so on)
10. Monitor the IP Telephony network.
With all that has been stated in previous section, it must be recognized that IP Telephony security alike any other flavor of security is neither a one time nor a one step effort. It involves multiple steps and should be repeated time and again (frequency depends on industry vertical, legal requirements, or other factors).
Last but certainly not the least, now you have a reference, a guide which can help you with those meddling UC/IP Telephony security queries, configuration steps, secure network design and management, and above all is a companion for Cisco Security and UC - architects, engineers, managers, administrators, and decision makers. The book 'Securing Cisco IP Telephony Networks' builds on real world experience and provides easy to follow examples and case studies to help you plan, design, build, operate, monitor, and manage a secure Cisco IP Telephony network.
I am trying to setup a unity call handler and setup a tree, for a school main number, that is using cisco Attendant console, is this possible? I can set it up without the Attendant console, no problem, but would like the receptionist to use the Cons...
Call Flow: (used my cell)PSTN caller->VGW1->CUCM->UCCX->Agent xfers to internal operator-> Internal Operator blind xfers to end user-> end user has cfwd all set to cell phone-> SIP Trunk ->Cube/VGW2 ->H.323 PRI -> PSTN F...
I recently had a problem with a BE6000S not booting properly, and had to contact Cisco support. During the boot process VMWare 5.5.0 Build 1131820 hangs at "Loading module ipmi_si_drv".The support technician was asking me about CIMC - Cisco Integrated Man...
I have a customer who has CUCM 12, and they have successfully registered it to a Smart Account. They recently had a license violation for 1 user, so I decided to check the License Usage Report on CUCM for details on what devices that user is assigned to. ...