Lippis Report Issue 82: Securing Unified Communications Infrastructure
Unified Communications (UC) deployment is well underway. Of the big vendors, Avaya, Cisco, Siemens and Alcatel are delivering product today, while Nortel and Microsoft promise UC and ask that you hold off purchasing competitive products. Innovative Communications Alliance (ICA), the Nortel/Microsoft joint venture, is scheduled to provide product guidance in June, a full year after its announcement. Mitel, ShoreTel, 3Com, IBM, Interactive Intelligence, NEC, Ericsson, AVST, Oracle, TeleWare, Objectworld, et al., are delivering UC. With the IP telephony, telecommunications and application industries focused on taking their share of the emerging $35B to $40B annual UC market, it's inevitable that UC will soon be a fact of corporate life. So the question is: are you ready? Is your infrastructure secure enough to support UC?
While IP telephony purchases are a top-down decision involving multiple groups, UC on the other hand is being bundled with other products and services and will quickly be included in new product releases, whether you want it or not. For IT leaders, UC deployment will follow and be sourced by their IP telephony provider. For example, Avaya offers UC in its One-X and Multi-Vantage applications such as Avaya Modular Messaging, Avaya Meeting Exchange, Avaya Softphone and Avaya Video Telephony. UC is being added to its Converged Communications Server and Application Enablement Services too. Cisco offers CU unified messaging and CU Meeting Place. IBM is adding UC to Lotus Notes/Domino and Lotus SameTime and is planning UC support in WebSphere Application Server 6.1. Siemens' HiPath OpenScape offers UC desktop and speech communications interfaces with presence and conferencing and works in multiple PBX environments. ICA promises UC functionality in Microsoft Outlook and SharePoint sometime in late 2007 or early 2008.
So how do IT leaders get their network infrastructure ready for UC? A security assessment comes first: evaluating legal compliance (HIPAA, GLBA, SOX, etc.), auditing procedures and user compliance, setting security policies, and conducting perimeter, wireless and business continuity risk assessments. A few obvious points: UC rides on top of a converged IP network, making UC services susceptible to the same outages as data services. Outages may be caused by exploits such as denial of service (DoS) attacks and other exploits propagating throughout a converged network. IP telephony products are as stable and reliable as their TDM brethren; UC availability and reliability are most impacted by the level of defense offered through network security and by overall IP telephony design. Let's address design reliability first.
Design Reliability: Reliability can also be viewed in terms of availability; that is, can UC services achieve five-nines availability, meaning that voice and other communication applications are available 99.999% of the time? Five nines translate into 5.26 minutes of downtime a year. Two key design aspects define availability: first, a component's mean time between failure (MTBF) and its mean time to repair (MTTR) define its availability as MTBF/(MTBF+MTTR); second, how components are interconnected into a network has a calculable "system" availability.
For over a year now, communication managers (the devices that set up and tear down connections) have had the same MTBF and MTTR ratings as TDM-based PBXs. IP telephony network designs, the underpinnings of UC, are distributed and de-centralized. TDM-based telephony is highly centralized with single points of failure. IP telephony architecture is modeled as a parallel system thanks to redundancy and packet network attributes, while TDM systems are serial. Availability for serial and parallel systems is calculated as follows:
As = A1*A2
Ap = A1 + A2 – A1*A2
While the electrical engineer in me is tempted to fully develop the two equations, let's just make some observations. First, A1 and A2 are component availabilities, while As and Ap are series and parallel system availability. The key lesson to learn from the above two equations is that in a serial design, system availability is always less than the availability of its components, while in a parallel design, system availability is always greater than the availability of its components.
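To make the two formulas concrete, here is an added worked example (not code from the Lippis Report) that computes component availability from MTBF/MTTR, combines components in series and in parallel, and converts the result into minutes of downtime per year. The parallel formula is generalized to n components as 1 - (1-A1)(1-A2)...(1-An), which reduces to the article's A1 + A2 - A1*A2 for two; the MTBF/MTTR figures in the scenario are constructed and not vendor data.

```python
# Added example: availability arithmetic for UC infrastructure design.
# Formulas follow the article: A = MTBF/(MTBF+MTTR), As = A1*A2,
# Ap = A1 + A2 - A1*A2 (generalized to n parallel components).

MINUTES_PER_YEAR = 365 * 24 * 60  # 525,600


def component_availability(mtbf_hours: float, mttr_hours: float) -> float:
    """Availability of a single component from its MTBF and MTTR."""
    if mtbf_hours <= 0 or mttr_hours < 0:
        raise ValueError("MTBF must be positive and MTTR non-negative")
    return mtbf_hours / (mtbf_hours + mttr_hours)


def series_availability(*availabilities: float) -> float:
    """Serial system: every component must be up, so As = A1 * A2 * ... * An."""
    result = 1.0
    for a in availabilities:
        result *= a
    return result


def parallel_availability(*availabilities: float) -> float:
    """Parallel (redundant) system: it is down only if every component is down,
    so Ap = 1 - (1-A1)(1-A2)...(1-An).  For two components this is exactly
    A1 + A2 - A1*A2, the article's formula."""
    all_down = 1.0
    for a in availabilities:
        all_down *= (1.0 - a)
    return 1.0 - all_down


def downtime_minutes_per_year(availability: float) -> float:
    """Translate an availability fraction into annual downtime."""
    return (1.0 - availability) * MINUTES_PER_YEAR


def uc_design_example() -> dict:
    """Constructed scenario: a UC call path that passes through an access
    switch and a communication manager.  Compare one communication manager
    against two geographically separated managers in parallel."""
    switch = component_availability(mtbf_hours=100_000, mttr_hours=4)      # ~0.99996
    manager = component_availability(mtbf_hours=20_000, mttr_hours=8)      # ~0.9996
    single = series_availability(switch, manager)
    redundant = series_availability(switch, parallel_availability(manager, manager))
    return {
        "single_manager": single,
        "single_manager_downtime_min": downtime_minutes_per_year(single),
        "redundant_managers": redundant,
        "redundant_managers_downtime_min": downtime_minutes_per_year(redundant),
    }


if __name__ == "__main__":
    for key, value in uc_design_example().items():
        print(f"{key}: {value:.6f}")
    print(f"five nines -> {downtime_minutes_per_year(0.99999):.2f} minutes/year")
```

Running the scenario shows the article's point numerically: putting the two managers in parallel raises the path's availability above that of either manager alone, and the remaining downtime is then dominated by the serial switch, which is where the next redundancy investment would go.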
In short, IP telephony design offers more options to improve system reliability than a TDM-based architecture. If availability falls short of the stated number of nines, the designer can add parallel Ethernet switches, redundant servers, WAN links, communication servers, etc., to increase system reliability. IP telephony designers have more options to manage reliability and availability than legacy TDM. To bolster UC reliability, special care should be placed on SIP proxies or communication managers/servers, as these are the devices which set up and tear down connections. IT leaders should consider:
- Adding redundant communication managers separated by geography and placed in different buildings for disaster recovery
- Segmenting communication managers from other production IT assets to insulate them from exploits and attacks. Place the communication manager on a separate LAN with no direct root access.
- Partitioning the communication manager's hard drives as non-executable
- Segmenting voice and data traffic by placing each service in its own VLAN (Virtual Local Area Network)
- Powering hard IP phones through power over Ethernet (PoE) supported switches
- Deploying only PoE-based Ethernet switches with enough power to drive color displays on each desktop
- Engaging with an E911 registry company such as RedSky for branch office deployments
- Deploying local survivable servers with at least one PSTN line at branch offices for redundant communications. G3 support for redundant branch office connectivity is an emerging option
- Integrating mobile devices with IP telephony systems through what some call fixed mobile convergence, but what I call extending UC to mobile devices
- Marking packets with Quality of Service (QoS) parameters at network access assuring end-to-end QoS for UC services
- Deploying wireless LAN access points which segment voice from data traffic flows through QoS and support WPA or 802.11i security
- Encrypting both media and signaling
- Requiring every employee to have a softphone as part of his/her UC configuration
The above is a partial list of IP telephony design considerations, which will increase UC reliability and availability. Network security in particular has a direct effect on UC reliability and availability.
Network Security Reliability: The networking and IT security industries have focused on risk mitigation by the elimination or reduction of exploits propagating throughout a corporate network. These security initiatives have an even greater weight on business process as the network becomes converged and UC is deployed. Most networking and IT vendors are addressing network security via a threat defense architecture consisting of three basic components:
- Alarm aggregation and correlation to sift through large volumes of alert data and turn them into actionable events or incidents identifying risk
- Identity management to ensure that users and devices are authorized to access IT resources and assist in forensics through identifying IP addresses and users
- Network access control to manage admittance to IT resources most commonly through VLAN management
Network security devices such as Intrusion Prevention Systems (IPS), firewalls, Network Based Anomaly Detection (NBAD), Security Information and Event Management (SIEM) and Application Intelligence are increasing their defenses for UC. NAC and NAP security access architectures are also increasing UC support. Monitoring companies such as Network Physics, Viola Networks and many others define voice quality metrics and provide network traffic views, allowing operational groups to manage UC like other applications. These developments are key, as security and network ops may be alerted to or observe anomalous traffic behavior, allowing them to respond before UC quality and reliability suffer.
As voice communications transition to UC, network security devices and monitoring firms have responded to provide operational groups traffic flow analysis views, alerts and exploit mitigation options. For example, an IPS may monitor, detect and audit changes to key files within UC products. If a password file is changed by an unknown process the IPS will alert security ops to investigate a potential security breach.
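The file-change monitoring described above can be illustrated with a small hash-baseline check. This is an added example, not code from the Lippis Report or from any IPS product: it records SHA-256 digests of a set of files once (the baseline) and later reports any file that is missing or whose contents changed. The file names (`passwd`, `sip.cfg`) and their contents are constructed; a real IPS also attributes the change to a process, which a pure file comparison like this one cannot do.

```python
# Added example: SHA-256 baseline check for key files on a UC server.
# Baseline once under change control; re-run on a schedule and raise an
# alert for every "modified" or "missing" finding that was not expected.
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_of(path: str) -> str:
    """Stream the file through SHA-256 so large files do not need to fit in RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(paths) -> dict:
    """Map each watched path to its current digest."""
    return {str(p): sha256_of(str(p)) for p in paths}


def compare_to_baseline(baseline: dict) -> list:
    """Return (path, finding) pairs; an empty list means nothing changed."""
    findings = []
    for path, expected in baseline.items():
        if not os.path.exists(path):
            findings.append((path, "missing"))
        elif sha256_of(path) != expected:
            findings.append((path, "modified"))
    return findings


def demo() -> list:
    """Constructed scenario: baseline two files, then alter one and delete
    the other to show what a follow-up check reports."""
    with tempfile.TemporaryDirectory() as workdir:
        passwd = Path(workdir) / "passwd"          # constructed sample file
        sip_cfg = Path(workdir) / "sip.cfg"        # constructed sample file
        passwd.write_text("admin:x:0:0:UC admin:/root:/bin/sh\n")
        sip_cfg.write_text("listen=0.0.0.0:5060\ntransport=tls\n")

        baseline = build_baseline([passwd, sip_cfg])
        clean = compare_to_baseline(baseline)      # expected: []

        # Simulate an unexpected change to the password file and a lost config.
        passwd.write_text("admin:x:0:0:UC admin:/root:/bin/sh\nguest:x:1001:1001::/tmp:/bin/sh\n")
        sip_cfg.unlink()

        return clean + sorted(compare_to_baseline(baseline), key=lambda f: f[1])


if __name__ == "__main__":
    for path, finding in demo():
        print(f"ALERT {finding}: {path}")
```

The digests themselves should be stored somewhere the monitored host cannot rewrite (the SIEM or the IPS management station), otherwise whoever changes the file can also update the baseline.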
Strong network defense is strong UC defense. All existing IT security devices deployed in a corporate network should be evaluated in terms of their ability to support UC flows. New network security acquisitions should also be evaluated in terms of their UC support features. IT leaders are advised to add UC considerations into enterprise network security plans. While each IP telephony vendor has its own architecture vulnerabilities which hackers exploit, the following is a list of best practices to defend a UC service.
For end-point security consider deploying:
- DoS protection
- 802.1x end-point authentication
- AES media encryption
- H.235.5 signaling encryption
For SIP proxy servers and communication managers consider deploying:
- Digitally signed software upgrades
- HTTPS/SSH for web access to configuration and administrative features
- Encryption for backup files
- IPS/IDS and potential firewall in front of communication managers
- A logging strategy which logs all connection attempts
- Separate physical interfaces for VoIP, administration and control
- SNMPv3 support for secure network management
- AES and H.235.5 media and signaling encryption
- PIN complexity rules which force password changes and demand a definable level of complexity
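The "log all connection attempts" item in the list above is only useful if someone reads the logs, so here is an added example (not from the Lippis Report or any vendor) of the minimal analysis that makes such a log actionable: parse connection-attempt records from a SIP proxy, count authentication failures per source address inside a sliding time window, and flag sources that exceed a threshold for security ops to investigate. The log line format, host name `proxy01`, addresses and user names are all constructed for the example; a real deployment would adapt the regular expression to the proxy's own format.

```python
# Added example: flag sources with bursts of failed SIP connection attempts.
# Input format is constructed for this example, not any vendor's log format.
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one source fails repeatedly within seconds, one user
# mistypes once and then succeeds, one source fails slowly over ten minutes.
SAMPLE_LOG = """\
2007-05-01T10:00:01Z proxy01 REGISTER src=10.1.5.20 user=alice result=FAIL reason=auth
2007-05-01T10:00:04Z proxy01 REGISTER src=10.1.5.20 user=alice result=OK
2007-05-01T10:00:10Z proxy01 REGISTER src=192.0.2.77 user=admin result=FAIL reason=auth
2007-05-01T10:00:12Z proxy01 REGISTER src=192.0.2.77 user=admin result=FAIL reason=auth
2007-05-01T10:00:15Z proxy01 REGISTER src=192.0.2.77 user=1000 result=FAIL reason=auth
2007-05-01T10:00:18Z proxy01 REGISTER src=192.0.2.77 user=1001 result=FAIL reason=auth
2007-05-01T10:00:21Z proxy01 REGISTER src=192.0.2.77 user=1002 result=FAIL reason=auth
2007-05-01T10:00:25Z proxy01 INVITE src=192.0.2.77 user=1003 result=FAIL reason=auth
2007-05-01T10:01:00Z proxy01 REGISTER src=198.51.100.9 user=bob result=FAIL reason=auth
2007-05-01T10:05:00Z proxy01 REGISTER src=198.51.100.9 user=bob result=FAIL reason=auth
2007-05-01T10:10:00Z proxy01 REGISTER src=198.51.100.9 user=bob result=FAIL reason=auth
2007-05-01T10:10:30Z proxy01 INVITE src=10.1.5.21 user=carol result=OK
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) (?P<host>\S+) "
    r"(?P<method>[A-Z]+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)"
)


def parse(lines) -> list:
    """Turn log lines into dicts; lines that do not match are skipped."""
    events = []
    for line in lines:
        match = LINE_RE.match(line)
        if not match:
            continue
        event = match.groupdict()
        event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(event)
    return events


def detect_failed_attempts(events, window=timedelta(minutes=1), threshold=5) -> dict:
    """Return {source: max failures seen inside any `window`} for sources whose
    peak reaches `threshold`.  Uses a two-pointer sliding window over the
    sorted failure timestamps of each source."""
    failures = defaultdict(list)
    for event in events:
        if event["result"] == "FAIL":
            failures[event["src"]].append(event["ts"])

    flagged = {}
    for src, times in failures.items():
        times.sort()
        start, peak = 0, 0
        for end, current in enumerate(times):
            while current - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[src] = peak
    return flagged


if __name__ == "__main__":
    hits = detect_failed_attempts(parse(SAMPLE_LOG.splitlines()))
    for src, count in hits.items():
        print(f"ALERT {src}: {count} failed attempts within one minute")
```

The window and threshold are tuning knobs: the slow source (three failures in ten minutes) is not flagged at these settings, which is the intended trade-off between catching bursts and paging on every mistyped PIN. Feeding the same events into the SIEM's correlation engine, alongside the identity data mentioned earlier in the article, is what turns a flagged address into an incident with a named user and device.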
UC reliability and availability are the result of strong IP network security defenses and sound IP telephony network design. Network infrastructure vendors such as Cisco, ProCurve, Extreme and Foundry have been adding security products and features to their offerings, which will benefit UC along with the hundreds of other applications flowing over a converged network. Special care needs to be applied in IP telephony design, particularly the placement of communication managers, servers and gateways, to isolate them from exploits. End-point security best practices include anti-virus, DoS, encryption and authentication protections. Creating secure connections between end-points and communication managers through encryption and separate VLANs further increases UC reliability. New VPN phones for remote and home office applications leverage VPN investments and protections to extend UC services outside of campus deployments. Branch office deployments have their own unique requirements, including local survivability and alternative WAN access via the PSTN, DSL/cable broadband and the emerging 3G standard.
While there are multiple layers involved in securing a unified communications infrastructure, the good news is that much if not all past network and security infrastructure investment is leveraged. There is no large UC security capital budget required, just good network design and selection of suppliers who value and embed security features in their products.