Opening firewall ports

[ipwho]

Guy's & Gal's

As you well know when using IP hard or soft phones you have to open a whole plethora of ports on the firewall. Can any one tell me what risks are involved in doing this?

I have an IT guy who is very twitchy about opening the ports and so i just wanted to understand the risks if any?

i await your response.

cheers

 

[intrigrant]

From IT security every open port is a possible security risk.
Although everything can be made as secure ass possible there will always be some jerks trying to hack their way trough.
Opening the VoIP ports will not give any more security threads as opening the common http, mail, ftp etc. ports.
It will be the receiving software in the DMZ wich is really the problem. As this is in many cases a PC with software then the risk can be quite big, regarding VoiP and IP Office you must be aware of the thread and make sure that any IP Packet coming from the inet cannot go through the IP Office from LAN2 to LAN1 (IP Routing, firewall).
If you cannot guarantee this then use a good VPN server with IPSec.

 

[sizbut]

If you get the latest maintenance release versions of the IP Office core software, you'll find new settings to control the lower and upper port numbers for RTP/RTCP. At least having a mechanism to control the port range may make your IT people a little happier. [Though my experience of IT security guys is that their only happy when the power is switched off and all cables removed ;-)].

 

[ipwho]

Thanks for the feed back. You will probably have guest that the networking/IT side of things is all new to me. I may go down the route of setting up a stand alone vpn connection just for voip this may appease my IT department and means that I will not be so beholden to them! hooray!

Does that sound like a good Idea or is it a bit overkill?