W O R K S H O P

Hold the IP Phone

July 22, 2002
By Darrin Woods

>> continued from previous page

OS Concerns

	Issue TOC
	Print full article
	Print this page
	Download as PDF
	E-Mail this URL
	Flame the author

	In this article
	Introduction
	OS Concerns
	Glossary
	The Business Case for IP Telephony

A key area to consider when choosing a PBX is the underlying OS. IP-based PBXs come in two basic flavors, closed and open. Those built around proprietary architectures are considered closed, while systems built on off-the-shelf PCs and OSs are open. For example, Alcatel's systems use Unix or Linux; AltiGen, Avaya and Cisco Systems use Windows; 3Com Corp. and Mitel Networks Corp. use Wind River Systems' VxWorks; and NEC Corp. and Siemens run proprietary OSs (for in-depth reviews of telephony products, see www.commweb.com).

Each type has pros and cons. First, with closed PBX architectures, everything comes from one vendor, meaning you'll have only one company to contact when you encounter problems. Combining components from multiple vendors can make for complex, hard-to-maintain systems and possible security breaches caused by interoperability troubles. Because closed systems don't use off-the-shelf OSs, someone trying to hack into a closed PBX will have to spend time learning about the OS and how it operates. As always, applying any and all security patches for your PBX OS, whether open or closed, is important. On the plus side for open systems, security patches may become available quicker than they will for closed architectures, lessening the time you may be vulnerable.

Keep Your Eyes Open

Monitoring is a must for you to maintain the security of your IP PBX. Get accustomed to examining reports on a regular basis--don't become complacent. Reports are the early warning system that alerts you to possible problems. They can flag not only suspicious IP traffic, but also calls that shouldn't be going through the system.

Scrutinize the reports every day, seeking not only blatantly suspicious calls, such as those to foreign countries and those that occur when people should not be in the office, but also subtler anomalies, such as an excessive number of calls from one extension. Look for calls to locations beyond the normal calling area, as well as those that last longer than usual. And consider using IP PBXs, like 3Com's NBX, available through the Network Supervisor add on, that include a real-time alarm-forwarding feature that can alert you to calls outside the expected norm for length and destination.

Analog's Not Dead Yet

While IP PBXs can eliminate analog lines from your organization completely and deliver packetized voice directly to your carrier, you should avoid this setup. Keep some analog lines connected to your enterprise in case of emergency--if your data network has a catastrophic failure, it's important to have the ability to make calls for emergency services until the data problem is solved.

On the management side, any access to change configuration of the IP PBX should be carried out on specific TCP/UDP ports that can be encrypted. Limiting administrative access to a particular IP address can also thwart would-be intruders. To avoid IP spoofing, the MAC (Media Access Control) and IP addresses of authentic administrative terminals should be bound together.

Make a New Plan, Stan

The best defense is to be aware of possible holes in your networks, including those in your voice systems. Endeavor to create a risk assessment to pinpoint vulnerable areas in your IP PBX. A comprehensive guide to conducting a PBX vulnerability analysis is available in PDF form from the National Institute of Standards and Technology (Special Publication 800-24). Any assessment should start with defining which PBX services your employees will need, then determining how open those services may be to security attacks. In your assessment, realize that attacks on the IP PBX could come from behind the firewall--a disgruntled user might try to take down your phone system.

VPNs should be used for any external access to the IP PBX, including access by telecommuters or branch office employees who use the corporate voice network. A little latency is a small price to pay for the security this setup provides.

Whatever services you deploy from your IP PBX, constantly testing for security breaches is paramount. Scheduled scanning should be part of your regular regimen. And when breaches occur, it is important to have a plan of action ready. Don't wait until your IP PBX goes down before you think about how to get it back into service.

Features That Can Cause Headaches

• DISA: Traveling users make for a host of security concerns, such as how to secure DISA (Direct Inward System Access) services, which enable employees to access the corporate PBX without being directly connected to it--to retrieve voicemail, for example. While the vulnerability pertaining to DISA exists in non-IP-based PBXs, the problem is expanded when gaining access to the PBX can also give an intruder the run of the corporate data network; at the very least, intruders could have the IP PBX place long-distance calls or even crank or obscene calls that would be hard to trace.

Clearly, DISA can be a big security hole if it's not properly managed and should be used only with caller ID and, if possible, RSA Security's SecurID, or smartcard technology. Restricting DISA to only those calling from phone numbers that the system accepts, like a salesman's cell phone, means hackers will have a harder time breaking in, but the trade-off is that legitimate users will be limited in the locations from which they can access voicemail.

• Substitution: While call forwarding moves only calls from one phone to another, substitution moves all the features, including address book, access abilities and personalized speed dial. The danger is that most PBXs let administrators block certain calls to specific extensions and dictate just what calls can be made from an extension. Substitution can bypass all these safeguards by letting employees move the functions they're permitted to use to different phones. Your CEO could be walking out of the building and need to make a quick call. Instead of walking back, using substitution he could transfer the functions of his phone down to a lobby phone and get all the access he would have from his office.

This is great--unless the CEO forgets to log off the lobby phone and transfer the features back to his office. If that's not done, anyone picking up that lobby phone could have access to the CEO's call database and features. Substitution should be kept at one call and then automatically transferred back, or not used at all. At the very least, the IP PBX should be configured to reset itself once a day to put everything back where it was. Note that substitution is a temporary convenience feature and is not designed to be used when an employee moves from one office to another. That's a management area where unified messaging holds promise (see InternetWeek's "A Unified View," and "CallPilot Aces UM Challenge"). But that's another workshop.

Darrin Woods is a Network Computing contributing editor. He has worked as a WAN engineer for a telecom carrier. Send your comments on this article to him at dwoods@nwc.com.