SCN small community network

[wuzhounet]

We are thinking about linking a few of our regional offices with the corporate IPO500 v2 7.0 what experiences have you had with this as far as reliability and dependability

 

[hairlessupportmonkey]

Its an excellent idea.

Money needs to be invested in good reliable connectivity and firewalls to do your VPNs.

You need to also make sure all systems are unique with their naming and numbering schemes. i.e switch at HQ cant have extn 200, 201, 202 etc and the regional office cant then be 200, 201, 202 etc.

A meshed network would be ideal to reduce traffic when intersite calls are made, otherwise a star network will work, but direct media path wont.

ACSS - SME
General Geek

 

[wuzhounet]

Thanks I am hearing so much about hacking into VOIP and internet routed calls that I am so concerned about protecting the toll calls and also the companies serve data base which has extreme security related data stored on it. I have read that hackers are using the phone systems to access the servers to access the data bases of companies. Een Cisco handsets are able to be hacked into, etc.

 

[mattKnight]

You have 2 choices - as has been pointed out

1. Invest properly in your perimeter security device. That doesn't just mean buy a new one... learn how to use correctly and monitor it for unauthorised access attempts.

2. Do nothing

The FUD that you mention undoubtabley happens but a lack of understanding of the technology doesn't help you (routing calls over the internet.. yoh are priposing to route calls over a VPN tunnel over the internet. Two diffwrent things in terms of security)

Take Care

Matt
I have always wished that my computer would be as easy to use as my telephone.
My wish has come true. I no longer know how to use my telephone.

 

[wuzhounet]

Thank you for the feedback. Most of my problems with data networks comes from the guys that maintain it, the IT guys Most of them just don;t give a darn about security and the customer trusts them and thinks they can do no wrong but I can tell walking in then phone or computer room when I see sloppy wiring what is going on. I will make sure my customer knows that this is a MUST when it comes to security of their network if they want this type of voice network in place. These days everyone just thinks "oh there is a network jack on this phone so they start plugging things into it without knowing what it is used for. They even plug their PC's into the phone jack on the wall and vis versa!

 

[hairlessupportmonkey]

Then dont leave the solution up to the IT guys to sort. You do it.

I'm in comms and IT. But I also good at both and understand the real world when it comes to these sorts of solutions.

ACSS - SME
General Geek

 

[wuzhounet]

That is not always possible. I can't just walk in and step all over their territory. Sometimes the telco is the minority technology and the data is the majority technology and the IT guys are in the drivers seat. I don't want to make enemies of them, I have to work with them.

 

[hairlessupportmonkey]

True, but at the same time you want your solution to work. You need to remind them that the PBX is as important if not more so that their PCs. A company can still function without a computer, but will struggle without a phone.

ACSS - SME
General Geek

 

[mattKnight]

That is not always possible. I can't just walk in and step all over their territory. Sometimes the telco is the minority technology and the data is the majority technology and the IT guys are in the drivers seat. I don't want to make enemies of them, I have to work with them.

Quite true, but your customer has asked you to provide them with a service to implement a new feature. You are concerned that the security of their network will be compromised by their IT team/supplier carrying out their part of the work. While I understand that this is not an easy discussion to have; ultimately you need to engage with the customer and explain the potential risk and how you aim to reduce & remove that risk.

In reality, SCN will not work over the open internet - it needs a VPN (as does most H.323) so the risk of doing this is negligable - if implemented properly i.e. decent perimter security appliances with appropriate configuration and monitoring.

If your IPO is currently configured to be directly internet facing then you will be hacked - regardless of whether the IT guys are good or bad

Take Care

Matt
I have always wished that my computer would be as easy to use as my telephone.
My wish has come true. I no longer know how to use my telephone.

 

[IPGuru]

If you feel the Security of the IPO is compromised (& it is if it is visible on a public IP Address) and the customers IT team cant/wont rectify the situation then the best aproach (for your own protection) is to make the customer sign a disclaimer accepting that the system is insecure at their request & that you cannot be heled responsible for any losses.

Correctly writen no manager in his right mind will sign it & it will bounce all the way to a company director. if that director is competent then the IT team will be forced to take action, if not at least you are in the clear.


A Maintenance contract is essential, not a Luxury.
Do things on the cheap & it will cost you dear

 

[wuzhounet]

Thanks all this is good sound advice!