Design Question - IP Centrex and Enterprise Network Security

jduban
Level 1

I occasionally provide help to a small non-profit organization which, during the course of the business day, handles patient healthcare records. To help ensure the confidentiality of the information that they handle, I assisted them in designing and deploying a network in which they have a single firewalled connection to the Internet and any information transmitted across the point-to-point links connecting their offices is encrypted.

As a cost savings measure, certain prominent individuals within the organization have recently been sold on an IP Centrex solution. Given my knowledge of their network infrastructure, I was asked to work with the vendor and set up one of their offices as a live “test” environment. After looking at the vendor’s design documents, I have some concerns about the security implications of the proposed design and would like to know if my concerns are misplaced.

According to the vendor of the IP Centrex solution:

- A new Internet connection will be installed at the “test” site.

- The vendor’s router will be configured as a DHCP server.

- The phones and any ATAs will be assigned public IP addresses by their router.

- The phones cannot reside behind a firewall.

- The phones will be attached to unused ports on the existing LAN switch.

- The separation of data and voice traffic will be enforced through the use of VLANs.

In my eyes, the connection to the IP Centrex vendor will provide a parallel path to the Internet, effectively bypassing any of the organization’s existing multi-layered safeguards, i.e. the ACLs in the organization’s border router, their firewall, proxy server, etc. The sole safeguard is the VLAN assigned in a switch’s configuration, which could be easily negated by a simple typographical error. Am I wrong?

The cost associated with another switch dedicated just for the phones, along with the vendor’s insistence that my concerns were misplaced, nixed my recommendation for the purchase of an additional switch.

Is this vendor’s approach a common one? Are there other approaches used by other IP Centrex vendors that don’t have the weaknesses that I perceive in this vendor’s approach?
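The concern raised above, that one mistyped VLAN assignment would bridge the publicly addressed, unfirewalled phone segment onto the data LAN, can be checked mechanically. The script below is an added example, not part of the original thread or any vendor's tooling: it audits a switch configuration for ports that place the voice VLAN somewhere it was not intended. Cisco IOS-style `switchport` syntax, VLAN 200, the port names and the sample configuration are all assumptions.

```python
import re

# All values below are constructed for illustration.
VOICE_VLAN = 200                 # VLAN holding the vendor's public phone subnet
EXPECTED = {"Fa0/21", "Fa0/22"}  # ports intended for phones/ATAs

SAMPLE_CONFIG = """\
interface Fa0/7
 switchport mode access
 switchport access vlan 200
interface Fa0/21
 switchport access vlan 200
interface Fa0/22
 switchport access vlan 20
interface Fa0/23
 switchport mode trunk
"""

def expand(spec):
    """Turn '10,20-22' into {10, 20, 21, 22}."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_ports(config):
    ports, cur = {}, {}  # lines seen before any 'interface' go to a throwaway dict
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"interface (\S+)", line):
            # Assumed defaults: access mode, VLAN 1, trunk allows every VLAN (None).
            cur = ports.setdefault(m.group(1), {"mode": "access", "vlan": 1, "allowed": None})
        elif m := re.match(r"switchport mode (access|trunk)", line):
            cur["mode"] = m.group(1)
        elif m := re.match(r"switchport access vlan (\d+)", line):
            cur["vlan"] = int(m.group(1))
        elif m := re.match(r"switchport trunk allowed vlan ([\d,-]+)$", line):
            cur["allowed"] = expand(m.group(1))
    return ports

def audit(config):
    findings = []
    for name, p in parse_ports(config).items():
        if p["mode"] == "trunk":
            if p["allowed"] is None or VOICE_VLAN in p["allowed"]:
                findings.append((name, "trunk carries the voice VLAN"))
        elif p["vlan"] == VOICE_VLAN and name not in EXPECTED:
            findings.append((name, "unexpected access port in the voice VLAN"))
        elif p["vlan"] != VOICE_VLAN and name in EXPECTED:
            findings.append((name, "phone-side port sits in a data VLAN"))
    return findings
```

Running `audit()` against each saved configuration before it is applied turns the "single typo" failure into a reviewable finding; it does not replace physical separation or a firewall between the two segments.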

1 Reply

a-vazquez
Level 6

This is a common approach among the IP Centrex vendors for implementing network security.