SecureLogix's Enterprise Telephony Management System 5.0

Version 5.0 manages all voice traffic on analog spans, conventional digital voice lines and IP traffic over the Internet. With it, you can apply the same security rules and policies that govern your conventional phone lines to your VoIP traffic. The 5.0 beta supports SIP (Session Initiation Protocol) and the shipping version will support H.323v2, which defines how audiovisual data is transmitted.

Test Setup

SecureLogix sent us a 1U ETM 1090 appliance and a 1U ETM 1060 appliance, a WinXP 3.2-GHz Toshiba Satellite laptop with 1 GB of RAM running Oracle9i and a beta version of the ETM 5.0 suite.

To test TDM (time-division multiplexing) calls, we installed the SecureLogix equipment in-line on our ISDN PRI between a production PBX with more than 500 active extensions and the local telecom's central office. For VoIP, we plugged the ETM into our data infrastructure between the core router and firewall so all bits were monitored. VoIP calls were made using a Cisco handset over our data T1--we don't have a VoIP rig on our PBX. A SecureLogix engineer helped install the gear--most customers opt for preconfiguration and on-site installation.

All Calls Treated Equally

ETM continuously monitors audio data on all voice circuits and VoIP in real time, looking for discrete tones in TDM calls, such as STU-III, fax T.30 or 1,800 hertz on the voice line and voice codecs in the data stream. By detecting sequencing of audio tones/flags and audio data classification, the system labels calls as voice, fax, STU (secure telephone unit), modem, wideband (videoconferencing), undetermined (for brief calls that disconnect before identification) or unanswered. The in-band monitoring detects a change in a call type midstream, so users can't spoof a voice call on a fax line.

The IPS worked like a charm, relying on call data maintained by the usage manager and applying thresholds and rules as implemented by the administrator. Our test war-dialer IPS rule was set up to react to repetitive dialing behavior and to disallow any calls past a certain threshold with a one-hour reset. When the rule was applied with a threshold of 10 calls in an hour, the 11th call from the same dialer was terminated.Who's Listening?

The ETM 1090 system can capture digital recordings of any call and record up to eight simultaneous calls off one voice span. The 5.0 production release captures calls only off of a voice T1. SecureLogix is prepping VoIP recording for the next release.

The ETM 1060 caches audio at a rate of 57 MB per hour from up to 32 simultaneous calls, yielding roughly 2,000 hours capacity on the appliance, and it automatically uploads the recorded calls to your target server drive as .wav files.

ETM gives no indication to call participants that they are being recorded; check with your legal department before implementing any recording scheme. For our tests, we set up a few simple rules to record inbound calls to one of our tester's extensions from his cell phone and to record all calls to or from our campus IT helpdesk. All recordings worked as advertised and the sound quality was excellent.

Unfortunately, the interface for browsing and retrieving recorded calls isn't user-friendly. The file structure and naming conventions for the call recorder were designed to integrate with an existing military system, and it was cumbersome to sift through recorded call files manually. SecureLogix engineers promised a "civilian" interface in the production version.Should you upgrade? The interface improvements alone are worth the inconvenience of the upgrade, and all customers should take advantage of the integrated IPS. Installed ETM setups interested in VoIP support must buy a new chassis blade or 1U appliance.

Joe Hernick is the director of IT for the Loomis Chaffee School. Dean Ellerton is the CIO for Suffield Academy. Write to them at [email protected].