Title: Securing Cisco IP Telephony Networks
Authors: Akhil Behl
Publisher: Cisco Press
Published: September 10, 2012
Edition: 1st Edition
Reviewer: Arani Mukherjee
The days of staring at a mess of wires under the desk coming out of a PSTN Master Socket are truly over. The advent of VoIP has broken the stranglehold of a telephone cable and the network has finally taken over. I would not say that IP Telephony has revolutionised the telephony sector. That momentous transition happened years ago. We currently are going through a phase where it is common to have IP Telephony integrated into any enterprise and network administrators are actively implementing security measures and policies to it. Network security is of paramount importance and IP Telephony is not to be left behind. The fact is that Cisco, the market leader in network technology, also happens to be leading the IP Telephony field. Hence it has rightly decided that establishing robust security architecture is core to Cisco IP Telephony.
The latest Cisco title addresses the aforementioned issue promptly and efficiently. Whenever a technology becomes efficient, scalable and portable and is seen as an improvement on the incumbent technology, it is deemed indispensable. From that moment it also becomes a point of failure that can cripple a business because it has now inherited security vulnerabilities and threats. The same can be said about Cisco IP Telephony. What this books aims to achieve is, and I quote, “to explain an End-to-End IP Telephony Security approach and architecture…” And I assure you, this title does plenty of justice to that aim. So let’s dig deeper into the way this book deals with the issues and how it tackles security policies, principles and their respective implementations.
Note: Users can also read our interview of the author Akhil Behl at the following url:
Interview: Akhil Behl Double CCIE (Voice & Security) #19564
In the introductory section of ‘Who should read this book?’, it is touted that “anyone who is interested in Cisco IP Telephony and network security” should be reading this book. Even though I would not wholly reject this point, I would prefer people reading this title have some form of experience in IP Telephony, especially Cisco products. Things become easier to comprehend. That should not mean that I am restricting the readership, it only means that this is not strictly a beginner’s guide on IP Telephony itself. However I would definitely put this book down as a reference and as a guide for IP Telephony security.
The typical hallmarks of a Cisco publication are all present in this title. The entire book is neatly partitioned into 4 major sections. I will do my best to present these chapters. I don’t really have a hard job to do here, as the chapters speak for themselves.
In Part I, the first couple of chapters introduce the concepts of the nature of IP Telephony security and the need to secure the associated infrastructure. The working components of Cisco IP Telephony are explained, especially the elements that can be secured, along with the necessary methodology of securing those key elements. Then we delve into the issues of risk assessment, strategies, and the cost of implementing those assessments and strategies. This part is rounded off with a conclusive discussion on the IP Telephony Security Framework.
In Part II, the issue of network security in terms of IP Telephony is addressed in terms of various types of threats and the respective policies and procedures that would make a more robust and protected network infrastructure. Various types of threats are discussed and are immediately followed up with their “mitigation techniques”. Best and leading practices for such techniques are discussed extensively throughout these sections. Just when I was wondering if there was any hardware oriented security methods that might be part of this title, I was introduced to the well known ASA devices being used as firewalls. What this book effectively does is show us how to best use the features of the ASA firewall to deliver IP Telephony security. This is well explained under the term of ‘perimeter security’. It is highly commendable how the firewall technologies are brilliantly explained in easy flowing terms.
In Part III we are introduced to the software side of this whole security infrastructure. This is where readers will be made aware of the well known Cisco UCM (Unified Communication Manager), and how best to use its capabilities to secure the IP Telephony network. Features like Cisco Unity and how you can secure it from threats like eavesdropping, toll fraud and account hijacking amongst other threats. Special emphasis is put on the knowhow of ensuring protection to the softphone clients. A section is dedicated entirely to toll fraud and how to implement secure conferencing and securing voice media. This is all about the Cisco IOS Voice Gateway, the strategies and methodologies for monitoring it. We also get a view into the Cisco Voice Gatekeeper, and Cisco Unified Border Element. This is a critical element in ensuring safeguards against threats that the IP Telephony can be exposed to when interacting with third party organisations.
Other important software platforms discussed are the Cisco Unified communications Manager Express and Cisco Unity Express Security, which also forms an integral part of the security infrastructure. The issues of ring fencing end points of IP Phones, both wired and wireless, are discussed extensively, along with the penultimate chapter dedicated to the softphone, Cisco IP Communicator.
This bring us to the last part, Part IV.
This is all about network management and application management. Several types of network management are displayed, along with the wide spectrum of their corresponding protocols. This section is all about sustainability and efficiency. We have examples, processes and methods for implementing a robust and secure management. The concluding section deals with the Security Event Management System, for logs and event aggregation.
This is a well rounded book for all security issues and their remedial techniques for IP Telephony. As I said before, this is both a reference and a guide. As more and more enterprises move into the arena of IP Telephony, Cisco IP Telephony solutions become a natural choice. This book will therefore help them to establish a robust, safe and secure IP Telephone network that can adapt to all security threats and keep the infrastructure secure. So for all IP Telephony administrators, this is a no brainer. The title delivers its aims flawlessly and is an asset to any network administrator who picks it up and implements its security methods and procedures.