Lippis Report Issue 82: Securing Unified Communications Infrastructure

Unified Communications (UC) deployment is well underway. Of the big vendors, Avaya, Cisco, Siemens and Alcatel are delivering product today while Nortel and Microsoft promise UC and ask that you hold off purchasing competitive products. Innovative Communications Alliance (ICA), the Nortel/Microsoft joint venture, is scheduled to provide product guidance in June, a full year after its announcement. Mitel, Shortel, 3Com, IBM, Interactive Intelligence, NEC, Ericsson, AVST, Oracle, TeleWare, Objectworld, et al., are delivering UC. With the IP telephony, telecommunications and application industries focused on taking their share of the emerging $35B to $40B annual UC market it´s inevitable that UC will soon be a fact of corporate life. So the question is: are you ready? Is your infrastructure secure enough to support UC?

Related Whitepaper: Access Control Solutions

Get the Whitepaper

While IP telephony purchases are a top-down decision involving multiple groups, UC on the other hand is being bundled with other products and services and will quickly be included in new product releases, whether you want it or not. For IT leaders UC deployment will follow and be sourced by their IP telephony provider. For example, Avaya offers UC in its One-X and Multi-Vantage applications such as Avaya Modular Messaging, Avaya Meeting Exchange, Avaya Softphone and Avaya Video Telephony. UC is being added to its Converged Communications Server and Application Enablement Services too. Cisco offers CU unified messaging and CU Meeting Place. IBM is adding UC to Lotus Notes/Domino and Lotus SameTime and is planning UC support in WebSphere Application Server 6.1. Siemens´ HiPath OpenScape offers UC desktop and speech communications interfaces with presence and conferencing and works in multiple PBX environments. ICA promises UC functionality in Microsoft Outlook and SharePoint sometime in late 2007 or early 2008.

Related Whitepaper: Engaged Networks for Intelligent Communications

Get the Whitepaper

So how do IT leaders get their network infrastructure ready for UC? A security assessment is first in priority evaluating legal compliance for HIPPA, GLBA, SOX, etc., auditing procedures, user compliance, setting security policies and conducting perimeter, wireless and business continuity risk assessments. A few obvious points: UC rides on top of a converged IP network making UC services susceptible to the same outages as data services. Outages may be caused by exploits such as denial of service (DOS) attacks and other exploits propagating throughout a converged network. IP telephony products are as stable and reliable as their TDM brethren; UC availability and reliability is most impacted by the level of defense offered though network security and overall IP telephony design. Let´s address design reliability first.

Related Link: Converged Network Security for Dummies

Get the Whitepaper

Design Reliability: Reliability can also be viewed in terms of availability; that is, can UC services achieve five-nines availability or are voice and other communication applications available 99.999% of the time? Five-nines translate into 5.26 minutes of downtime a year. Two key design aspects define availability: first, a component´s mean time between failure (MTBF) and its mean time to repair (MTTR) define its availability by MTBF/(MTBF+MTTR); second, how components are interconnected into a network has calculable ?¬¢‚Äö√ᬮ?√¨system" availability.

For over a year now, communication managers or the devices that set up and tear down connections have the same MTBF and MTTR ratings as TDM-based PBXs. IP telephony network designs, the underpinnings of UC, are distributed and de-centralized. TDM-based telephony is highly centralized with single points of failure. IP telephony architecture is modeled as parallel systems thanks to redundancy and packet network attributes while TDM are serial systems. Availability for serial and parallel system is calculated as such:

As = A1*A2

Ap = A1 + A2 – A1*A2

While the electrical engineer in me is tempted to fully develop the two equations, let´s just make some observations. First A1 and A2 are component availabilities while As and Ap are series and parallel system availability. The key lesson to learn from the above two equations is that in serial design system availability is always less than the availability of its components while a parallel design system availability is always greater than the availability of its components.

Related Whitepaper: Extreme Improvements for Network Security

Get the Whitepaper

In short, IP telephony design offers more options to improve system reliability than a TDM-based architecture. If availability is less than the stated number of nines reliability, then the designer could add parallel Ethernet switches, redundant servers, WAN links, communication servers etc., to increase system reliability. IP telephony designers have more options to manage reliability and availability than legacy TDM. To bolster UC reliability special care should be placed on SIP proxies or communication managers/servers as these are the devices which set-up and tear down connections. IT leaders should consider:

  • Adding redundant communication managers separated by geography and placed in different buildings for disaster recovery
  • Segmenting communication managers from other production IT assets to insulate them from exploits and attacks. Place the communication manager on a separate LAN with no direct root access.
  • Partitioning communication manager´s non-executable hard drives
  • Segment voice and data traffic by placing each service in their own VLAN or Virtual Local Area Network,
  • Powering hard IP phones through power over Ethernet (PoE) supported switches
  • Deploying only PoE-based Ethernet switches with enough power to drive color displays on each desktop
  • Engaging with a E911 registry company such as RedSky for branch office deployments
  • Deploying local survivable servers with at least one PSTN line at branch offices for redundant communications. G3 support for redundant branch office connectivity is an emerging option
  • Integrating mobile devices with IP telephony systems through what some call fixed mobile convergence, but what I call extending UC to mobile devices
  • Marking packets with Quality of Service (QoS) parameters at network access assuring end-to-end QoS for UC services
  • Deploying wireless LAN access points which segment voice from data traffic flows through QoS and support WPA or 802.11i security
  • Encrypting both media and signaling
  • Requiring every employee to have a softphone as part of his/her UC configuration

The above is a partial list of IP telephony design considerations, which will increase UC reliability and availability. Network security in particular has a direct effect on UC reliability and availability.

Related Whitepaper: Who Should Control Your Security Infrastructure?

Get the Whitepaper

Network Security Reliability: The networking and IT security industries have focused on risk mitigation by the elimination or reduction of exploits propagating throughout a corporate network. These security initiatives have an even greater weight on business process as the network becomes converged and UC is deployed. Most networking and IT vendors are addressing network security via a threat defense architecture consisting of three basic components:

  1. Alarm aggregation and correlation to sift through large sums of alert data and turn it into actionable events or incidents identifying risk
  2. Identity management to ensure that users and devices are authorized to access IT resources and assist in forensics through identifying IP addresses and users
  3. Network access control to manage admittance to IT resources most commonly through VLAN management

Network security devices such as Intrusion Prevention Systems (IPS), firewalls, Network Based Anomaly Detection (NBAD), Security Information and Event Management (SIEM) and Application Intelligence are increasing their defenses for UC. NAC and NAP security access architectures are also increasing UC support. Monitoring companies such as Network Physics, Viola Networks and many others define voice quality metrics and provide network traffic views allowing operational groups to manage UC like other applications. These developments are key as security and network ops may be alerted to or observe anomalistic traffic behavior allowing them to respond before UC quality and reliability suffers.

Related Whitepaper: Enabling IP Telephony with Juniper Enterprise Solutions

Get the Whitepaper

As voice communications transition to UC, network security devices and monitoring firms have responded to provide operational groups traffic flow analysis views, alerts and exploit mitigation options. For example, an IPS may monitor, detect and audit changes to key files within UC products. If a password file is changed by an unknown process the IPS will alert security ops to investigate a potential security breach.

Related Whitepaper: Meru AirShield Security Suite: A Framework for Assured Mobile Application Delivery

Get the Whitepaper

Strong network defense is strong UC defense. All existing IT security devices deployed in a corporate network should be evaluated in terms of their ability to support UC flows. New network security acquisitions should also be evaluated in terms of their UC support features. IT leaders are advised to add UC considerations into enterprise network security plans. While each IP telephony vendor has their own architecture vulnerabilities which hackers exploit, the following is a list of best practices to defend a UC service.

For end-point security consider deploying:

  • DoS protection
  • 802.1x end-point authentication
  • AES media encryption
  • H.235.5 signaling encryption

For SIP proxy servers and communication managers consider deploying:

  • Digitally signed software upgrades
  • HTTPS/SSH for web access to configuration and administrative features
  • Encryption for backup files
  • IPS/IDS and potential firewall in front of communication managers
  • A logging strategy which logs all connection attempts
  • Separate physical interfaces for VoIP, administration and control
  • SNMPv3 support for secure network management
  • AES and H.235.5 media and signaling encryption
  • PIN complexity rules which force password changes and demand a definable level of complexity

UC reliability and availability is a result of strong IP network security defenses and IP telephony network design. Network infrastructure vendors such as Cisco, ProCurve, Extreme and Foundry have been adding security products and features to their offerings, which will benefit UC along with the hundreds of other applications flowing over a converged network. Special care needs to be applied in IP telephony design, particularly the placement of communication managers, servers and gateways to isolate them from exploits. Securing end-point best practices include anti-virus, DoS, encryption and authentication protections. Creating secure connections between end-points and communication managers through encryption and separate VLANs further increases UC reliability. New VPN phones for remote and home office applications leverage VPN investments and protections to extend UC services outside of campus deployments. Branch office deployments have their own unique requirements including local survivability and alternative WAN access via the PSTN, DSL/cable broadband and the emerging 3G standard.

While there are multiple layers involved in securing a unified communications infrastructure, the good news is that much if not all past network and security infrastructure investment is leveraged. There is no large UC security capital budget required, just good network design and selection of suppliers who value and embed security features in their products.

2 Debates over Lippis Report Issue 82: Securing Unified Communications Infrastructure

  1. artr said:

    While security and reliability are indeed considerations in network design for unified communications, the bottom line for accommodating traffic is capacity planning. One of the challenges for converging all forms of communications traffic under UC is that such traffic will change dynamically from the past. Voice messages will become email text messages, IM contacts will become conversational voice connections, and two-party calls can extend to “instant” multi-party voice or video contacts. (We have already had telephone calls that become voice messages.)

    In planning for this kind of dynamically-changing activity, it would seem appropriate for network designers to enable activity data to be collected for operational analysis on a “unified” basis. This would enable “people contact” activity to be tracked across modalities of communication (“transmodal”) in order to project overall traffic demands. Clearly, there will be differences in network needs between an IM connection, asynchronous messaging, conversational voice, and video, and in escalating from one modality to the other, network capacity needs will be constantly shifting.

    In effect, it is not enough to track messages and phone call activity, but also to track “multimodal” contacts.


    Art Rosenberg
    The Unified-View

  2. Uvyehhps said: