To simplify configuration and management, you can install your voice equipment on a VLAN or physically separate it onto its own LAN segment. Either approach can also reduce your exposure to potential holes in your legacy voice equipment. Many large-scale PBXs, including devices from Avaya, Nortel Networks and Siemens, rely on vendor dial-in or VPN RAS for maintenance and upgrades. Direct-dial modem ports made sense at one time, but today they present a back door to your data network. So if you have older telecom equipment, choose a secure remote-access solution instead.
Regardless of your gear's vintage, make sure vendor and telecom-administrator user accounts comply with your company's security and access policies. It's bad enough if a black hat hacker gains access to your PBX or VRU via a forgotten dial-in default account and password. But it's downright disastrous if a hacker exploits that account on an IP-enabled telecom box to gain access to your whole shop. If a hacker uses telnet to gain access to an admin account on your Unix-based VRU, you're wide open.
So before you integrate your legacy voice equipment into your data environment, take some extra design time to put sufficient security precautions in place for all telco gear. If your budget allows, consider adding a hardware voice firewall solution, such as SecureLogix's ETM, to complement your existing data security precautions. (For more information, see "Dial 1-800 Plug Holes" and "SecureLogix Encore.")
Voice over IP is the next generation of switched telephony (see "A VoIP Wake-Up Call"). It works like this: An analog signal (human voice) is digitized, compressed, wrapped in IP packets and sent off to a destination address (the other end of the conversation). When the packets reach their destination, they're assembled in proper order, decompressed and played back as an analog signal. This must occur in real time and in full duplex, so that, for instance, both parties can speak over each other and still be heard.
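The pipeline described above, as an added sketch that is not from the original article: a tone stands in for the voice, and the receiver restores packet order before playback. The 8 kHz sample rate, 20 ms frames, continuous mu-law companding and 2-byte sequence header are assumptions chosen for illustration, not a real RTP implementation.

```python
import math
import random
import struct

RATE = 8000    # samples per second (assumed telephone-quality audio)
FRAME = 160    # samples per packet: 20 ms at 8 kHz (assumed)
MU = 255.0     # mu-law companding constant

def digitize(freq_hz, millis):
    """Sample a sine tone that stands in for the analog voice signal."""
    n = RATE * millis // 1000
    return [math.sin(2 * math.pi * freq_hz * i / RATE) for i in range(n)]

def compress(x):
    """Compand one sample in [-1, 1] down to a single byte (mu-law curve)."""
    y = math.copysign(math.log1p(MU * abs(x)) / math.log1p(MU), x)
    return int(round((y + 1) / 2 * 255))

def decompress(b):
    """Invert compress(): one byte back to a sample in [-1, 1]."""
    y = b / 255 * 2 - 1
    return math.copysign(math.expm1(abs(y) * math.log1p(MU)) / MU, y)

def packetize(samples):
    """Wrap each 20 ms frame in a packet: 16-bit sequence number + payload."""
    packets = []
    for seq, start in enumerate(range(0, len(samples), FRAME)):
        payload = bytes(compress(s) for s in samples[start:start + FRAME])
        packets.append(struct.pack("!H", seq) + payload)
    return packets

def receive(packets):
    """Reassemble in sequence order, then decompress for playback.
    Sequence-number wraparound is ignored in this short sketch."""
    ordered = sorted(packets, key=lambda p: struct.unpack("!H", p[:2])[0])
    return [decompress(b) for p in ordered for b in p[2:]]

def round_trip(millis=100, seed=1):
    """Send a tone through the pipeline with packets arriving out of order."""
    voice = digitize(440, millis)
    packets = packetize(voice)
    random.Random(seed).shuffle(packets)   # constructed out-of-order arrival
    played = receive(packets)
    worst = max(abs(a - b) for a, b in zip(voice, played))
    return len(packets), len(played), worst

if __name__ == "__main__":
    count, samples, worst = round_trip()
    print(f"{count} packets, {samples} samples played, max error {worst:.4f}")
```
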