Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Rhinorhino on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
PBX vs VOIP 4
- Thread starter phoneguru
- Start date
-
1
- #2
I've never seen a site or article that clearly poses the risks or makes a case against VoIP. However I have the following ideas that you may find helpful:
1) Can your network handle additional traffic? Some VoIP equipment compresses calls to 8kb, some don't.
2) What is your network, VPN, frame relay?
3) How much long distance do you currently spend on interoffice calls. Can you justify a quick payback on the equipment and labor of installing a VoIP device.
4) How about negotiating better rates from your LD provider and save money that way.
VoIP is about saving money. Will you save money if you put in the time, money, research and labor?
Also VoIP means different things. Do you mean a VoIP phone system or VoIP adjuncts that adapt traditional PBXs to IP networks.
jim m.
1) Can your network handle additional traffic? Some VoIP equipment compresses calls to 8kb, some don't.
2) What is your network, VPN, frame relay?
3) How much long distance do you currently spend on interoffice calls. Can you justify a quick payback on the equipment and labor of installing a VoIP device.
4) How about negotiating better rates from your LD provider and save money that way.
VoIP is about saving money. Will you save money if you put in the time, money, research and labor?
Also VoIP means different things. Do you mean a VoIP phone system or VoIP adjuncts that adapt traditional PBXs to IP networks.
jim m.
-
1
- #3
My personal opinion is that the technology is vastly inferior to traditional circuit switched telephone, but it is here to stay.
Take a look at:
The issue is that bandwidth utilization is much more effecient than traditional telephony.
You might want to take a look at "Carrier Grade Voice Over IP" by Daniel Collins or "Internet Telephony Call Processing Protocols" by Uyless Black.
Without some pretty stringent ACLs or other filters, the protocols have all kinds of possibilities for denial of service, eaves dropping, information disclosure and other assorted vulnerabilities.
I would definitely take a look at:
It is only a matter of time before there are many more of these.
pansophic
Take a look at:
The issue is that bandwidth utilization is much more effecient than traditional telephony.
You might want to take a look at "Carrier Grade Voice Over IP" by Daniel Collins or "Internet Telephony Call Processing Protocols" by Uyless Black.
Without some pretty stringent ACLs or other filters, the protocols have all kinds of possibilities for denial of service, eaves dropping, information disclosure and other assorted vulnerabilities.
I would definitely take a look at:
It is only a matter of time before there are many more of these.
pansophic
-
1
- #4
As said, to implement VoIP you need to look at all the issues of cost savings, bandwidth/quality of service requirements, management etc.
As far as the security issues, both the papers mentioned by pansophic appear to me to be scaremongering. All enterprise VoIP implementation run over *private* WANs, not the public internet. Most of the exploits mentioned in the papers assume that the wiley cracker has already compromised your internet-facing firewall, your router ACLs, and your intrusion detection system. If they have done that and can launch attacks to invade your TFTP server, or spoof DHCP etc,etc then you have *much* worse security issues then someone being able to get into your voice system. It is a nice try to get some publicity but frankly it seems like a beat up to me. ---------------------------------------
I'm just trying to help, and am not a spokesman for HP
As far as the security issues, both the papers mentioned by pansophic appear to me to be scaremongering. All enterprise VoIP implementation run over *private* WANs, not the public internet. Most of the exploits mentioned in the papers assume that the wiley cracker has already compromised your internet-facing firewall, your router ACLs, and your intrusion detection system. If they have done that and can launch attacks to invade your TFTP server, or spoof DHCP etc,etc then you have *much* worse security issues then someone being able to get into your voice system. It is a nice try to get some publicity but frankly it seems like a beat up to me. ---------------------------------------
I'm just trying to help, and am not a spokesman for HP
I think that your outlook is a little naive, but because I am in the telecom security industry, I am bound to have a bias that direction. And as long as people believe that their technical (firewall or IDS) solutions will solve thier security issues, I'll have work.
pansophic
pansophic
Certainly host level security is important, whether data or voice. I am not saying that this should not be addressed, it's just that it is not a reason for not deploying VoIP. The fact that most of the exploits mentioned indicate that you already have a problem at the network boundary. If they are able to muck with the TFTP server, they can also screw up your DNS, wreck your router configs, divert all your VLANs etc, etc. Many of these systems are theoretically explotable, as they are protected by weak or non-existent security. Almost all WAN traffic (Frame Relay, ATM) is unencrypted. We *rely* on good border protection.
I mean no one "authenticates" analog (or digital PBX) phone systems today. The assumption is that there is "reasonable" building security and that the telcos infrastructure is hidden and secure. (However 100 metres from my house is the above-ground telco pillar which splits all the PSTN phone lines on my block. A couple of times every year kids remove the cover "for fun". This would be easily exploited). In a business environment, any "cleaner" or even a "visitor" could easily add phone taps that would not be easily detectable. (How about the infamous way you can configure a mobile phone to silently answer a call. Just leave it in a conference room, this is a bug that can be bought and used anywhere)
I would be interested to know whether there are any cases of people *actually* hacking/exploiting VoIP systems in real world environments. I also get involved in security audits and designs. While many exploits are technically possible, there is always a trade-off with cost and complexity when implementing security on systems. ---------------------------------------
I'm just trying to help, and am not a spokesman for HP
I mean no one "authenticates" analog (or digital PBX) phone systems today. The assumption is that there is "reasonable" building security and that the telcos infrastructure is hidden and secure. (However 100 metres from my house is the above-ground telco pillar which splits all the PSTN phone lines on my block. A couple of times every year kids remove the cover "for fun". This would be easily exploited). In a business environment, any "cleaner" or even a "visitor" could easily add phone taps that would not be easily detectable. (How about the infamous way you can configure a mobile phone to silently answer a call. Just leave it in a conference room, this is a bug that can be bought and used anywhere)
I would be interested to know whether there are any cases of people *actually* hacking/exploiting VoIP systems in real world environments. I also get involved in security audits and designs. While many exploits are technically possible, there is always a trade-off with cost and complexity when implementing security on systems. ---------------------------------------
I'm just trying to help, and am not a spokesman for HP
- Thread starter
- #7
Everyone thanks-pansophic thanks especially for the links evaluating security risks. Now if I could only find articles talking about reliabilty issues I'd be set-gee VOIP must not have any problems and work perfectly since I can't find one-lol!
phoneguru,
You may want to check the Cisco Call Manager, Avaya Definity and Nortel Meridian forums on this site, they are all under Wiring Closet. You'll definitely get some responses there, both ways.
narnian,
I might disagree about using host level security as a reason not to deploy VoIP, but I do agree that it is not a reason for most organizations to reject VoIP. It is just important to consider that these embedded OS hosts have lots of problems.
The technology itself has some issues, but what technology doesn't?
I just don't like the idea of anyone on the network being able to tap my conversations (there is a Cisco Skinny audio decoder on the net as well).
So far, I haven't heard of any exploits in the wild, but there is practically no way to detect them unless you are running intrusion detection on your internal network. There certainly isn't any host-based intrusion detection on the hardphones.
pansophic
You may want to check the Cisco Call Manager, Avaya Definity and Nortel Meridian forums on this site, they are all under Wiring Closet. You'll definitely get some responses there, both ways.
narnian,
I might disagree about using host level security as a reason not to deploy VoIP, but I do agree that it is not a reason for most organizations to reject VoIP. It is just important to consider that these embedded OS hosts have lots of problems.
The technology itself has some issues, but what technology doesn't?
I just don't like the idea of anyone on the network being able to tap my conversations (there is a Cisco Skinny audio decoder on the net as well).
So far, I haven't heard of any exploits in the wild, but there is practically no way to detect them unless you are running intrusion detection on your internal network. There certainly isn't any host-based intrusion detection on the hardphones.
pansophic
-
1
- #9
jimbopalmer
Programmer
As a devil's advocate, Let me explain why I did use VoIP technologies in the limited scope I used them.
3 facilites with seperate meridian PBXes using radio T1s back to the phone company. Connecting the PBXes via T1 would have needed twice the radio channels, while the data network was already gig fiber hung on powerlines with 802.1p capability (only two real levels or priority, but two is enough) we used VoIP trunk lines to connect the PBXes giving us call forwarding, voice mail forwarding, and lower long distance rates through higher volume on one account. 8 T1s of traffic do not impact a gig network.
two of the buildings used FCC licenced radios to provide a single phone (for emergencys) one had a ten meg network while the other was 100 meg fiber, using a IP line card and 5 IP telephones provided better emergency coverage and dropped some FCC requirements. the line card can handle 96 phones should we dream up other realistic needs.
What I did not do was rip put working phones and put in IP phones, what I did do was look for places my phone system was limiting my company and solved them via my data networks strengths
I tried to remain child-like, all I acheived was childish.
3 facilites with seperate meridian PBXes using radio T1s back to the phone company. Connecting the PBXes via T1 would have needed twice the radio channels, while the data network was already gig fiber hung on powerlines with 802.1p capability (only two real levels or priority, but two is enough) we used VoIP trunk lines to connect the PBXes giving us call forwarding, voice mail forwarding, and lower long distance rates through higher volume on one account. 8 T1s of traffic do not impact a gig network.
two of the buildings used FCC licenced radios to provide a single phone (for emergencys) one had a ten meg network while the other was 100 meg fiber, using a IP line card and 5 IP telephones provided better emergency coverage and dropped some FCC requirements. the line card can handle 96 phones should we dream up other realistic needs.
What I did not do was rip put working phones and put in IP phones, what I did do was look for places my phone system was limiting my company and solved them via my data networks strengths
I tried to remain child-like, all I acheived was childish.
- Status
Similar threads
- Locked
- Question