Introduction

We begin the process of securing the VoIP infrastructure by reviewing and validating the existing security infrastructure. Addition of VoIP components to a preexisting data network is the ideal opportunity to review and bolster existing security policy, architecture, and processes.

One way of visualizing the components of a given security architecture is to use Figure 10.1, which graphically shows a number of network security interfaces.

Figure 10.1: Security Interfaces

The interfaces between data and voice networks and the external world are represented by the red circles numbered 1 through 6. Additionally, data and voice networks share interfaces with the physical and social realms. Interfaces to data and networks include VPNs, telephones and modems (modems that are used to control or monitor servers or other critical systems are particularly interesting to miscreants), typical web browsing and e-mail services, intracompany WAN connections, and intranet or external connections with vendors and business partners. Technical security controls such as firewalls, IDS, and ACLs are useful at these interfaces.

Interfaces 7 through 9 portray the users, administrators, and help desk personnel that connect with the data and voice networks. In some situations, a call center for example, an additional class of users operators could be defined. I believe, based upon personal and anecdotal evidence, that most criminal information security incidents occur via these social interfaces. Unfortunately, technological security controls are difficult to implement and manage at these interfaces.

Interfaces 10 through 12 represent the interfaces between the physical domain and the data and voice network.