April 30th, 2004, 03:14 PM
VoIP On my Network?
Hello all. Currently I work at a site with over 500 analog phones. We are now shopping for a VoIP system to replace our current PBX. I am currently looking at the Nortel Succession Package. I see that the Gateway box runs Windows 2000. I looked at other VoIP solutions and they also base their technology on Windows 2000. The first thing that worries me is security. Could a virus take down our phone system if it was released on our network? Is there a way I can separate my data network and VoIP network from each other?
April 30th, 2004, 03:25 PM
"If it is a computer and has an operating system, it can be attacked"
It doesn't matter if it's Windows 2000 or Sun Solaris.
By the way, if you want to use VoIP, what would be the purpose of segregating the networks? The purpose of VoIP (for me) is to use TCP/IP (a data network) to transport voice. Splitting it in two doesn't make any sense.
Even if you protect your server with iron bars, a guy that REALLY wants to disrupt your voice network will just flood your switches and WAN links with garbage. BINGO! VoIP is down. Due to the "isochronous" shape of voice traffic, any overload on the network will disturb or even disrupt the voice network.
I hope that you don't regret using VoIP. These are just some concerns to worry about.
FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
If I die before I sleep, I pray the Lord my soul to encrypt.
If I die before I wake, I pray the Lord my soul to brake.
April 30th, 2004, 09:37 PM
You will need to treat the VoIP gateway PC as any other PC asset in the network (maybe even with tighter security). Schedule OS upgrades and patches, install anti-virus (run it, upgrade it) and you should be OK.
I agree - data and VoIP on the same network is the real benefit - why separate it? I'll brush up on my DiffServ knowledge ASAP.
April 30th, 2004, 10:55 PM
What you could do is make your internal VoIP not accessible to the internet.
The University of Houston went one step further and made sure that its call manager and its entire VOIP network aren't directly accessible from the Internet. The school has put its IP PBXs in a different domain than its other servers and has limited administration access to the servers.
"As a university, the potential for being hacked or coming under a denial-of-service attack is a huge concern for us," says Charles Chambers, the university's manager of network planning and development.
Of course, then you wouldn't be able to access outside lines.
What it really comes down to is how well you keep up your network. Yes, if a cracker manages to somehow take down your entire network, then your phone server will also go down with it. However, if you don't trust your network right now, I wouldn't even think of trying to go VoIP. The same security precautions will go hand in hand. If you keep your network patched, scanned, firewalled, and make sure your users don't do jacked up things on the network, then you should be fine.
As of right now, I can't tell you too much about securing a VoIP network, seeing as I have never set one up. But check out these places:
You shall no longer take things at second or third hand,
nor look through the eyes of the dead...You shall listen to all
sides and filter them for your self.
May 1st, 2004, 10:34 PM
DoS is a serious concern in VoIP networks. It's unlikely a vendor's VoIP code will be virus infected (but you never know). As mentioned by Lansing, you could separate your VoIP servers on a different domain and limit access. To achieve good VoIP quality you will most likely (it's recommended) be setting up separate VLANs on the LAN switches and, if possible, feed the trunk uplinks to separate ports on your routers. The routers and switches will need to be set to prioritize the VoIP.
Most people think of VoIP (with data) only via the links connecting sites of the WAN. If you are actually thinking of VoIP phones then that's more like the switch and router settings mentioned earlier.
May 2nd, 2004, 12:57 AM
VoIP is in its infancy and any proggies you use are going to have some exploit available, be it publicly or in the head of a specific person... As mentioned, though, isolating it to the private LAN would be the best way to go...
Every now and then, one of you won't annoy me.