ISSA June 2005 Luncheon
Are You Ready for VOIP?
Tim McCreight – CISSP CPP
ARC Business Solutions Inc.

Warning: This presentation contains violence, coarse language, mature themes and honest opinions. Viewer discretion is advised.

Agenda
• Introduction to VoIP
• Marketing Pitch
• Security Concerns
• What you should be asking…
• Question and Answer Session

Intro to VoIP – Internet
• Uses an analog phone & adaptor
• Can use a PC
• Plugs into DSL or broadband
• Connects to other IP users, or PSTN
• Examples: Vonage, Skype

Intro to VoIP – IP PBX
• Platform resides on your premises
• Makes use of existing infrastructure
• Blends data and voice within your network
• Separates traffic to the PSTN
• Security is primarily your concern

Intro to VoIP – Hosted Solution
• Platform is now hosted by your IXC/ILEC/CLEC
• You share an access point with the Service Provider
• Blends data and voice from your network to the SP
• SP’s security now becomes a critical component
Image available from www.networkmagazine.com, January 2004 issue

“Have we got a deal for you…”
• One network
• No additional CAPEX
• Cost savings on staff and network
• Mobility
• Cool features!
• Help for road warriors
• Advanced feature sets
• Not quite 5 9’s, but close…

Those Mysterious 9’s
• 99.999 percent uptime = 5 minutes unscheduled outage in one year
• 99.9 percent uptime = 8.8 HOURS of unscheduled outage
• 99 percent uptime = 87.6 HOURS of unscheduled outage

…And now the bad news…
• User expectations
• E911 concerns and limitations
• Man-in-the-middle attacks, et al.
• Network congestion
• DDoS vulnerabilities
• Spam over Internet Telephony (SPiT)
• SIP/H.323 vulnerabilities

More Security Concerns
• Impersonation, LD fraud
• Packet inspection – network and app layer
• Remote access – yours and vendors’
• Insecure paths
• Policies and procedures
• Vendor response and security
• Network monitoring

What You Should Be Asking
• Service Level Agreements
• Security Defenses in Place – at Carrier
• Security Operation Centre – at Carrier
• CIRT Team in place – at Carrier and you!
• Response to Incidents by Carrier
• Protection from other customers within Carrier network
• Fraud protection

…more Questions
• Cost to upgrade IS/IT equipment for QoS, PoE, etc. throughout your network
• Appropriate firewall at YOUR perimeter, to monitor traffic between you and the carrier
• What controls do YOU have in place: AV, IDS, patch management, policies…
• E911 issues: mitigation strategies, etc.

Presented By:
Tim McCreight, CISSP CPP
Director, Security Consulting Division
ARC Business Solutions Inc.
(780)702-5022 ext. 106
tmccreight@arcbus.com