[VOIPSA Best Practices] Best Practices document structure set - next question: are these the appropriate areas?
Greg Scallan
spider at tellme.com
Fri Jan 19 07:14:21 CST 2007
This list looks pretty exhaustive in terms of covering all the primary
components. Here are some additional items to contemplate:

9) There are some items on the periphery we may want to touch upon
somewhere since ensuring they are appropriately secured needs to be
contemplated by those building out VoIP networks. Such as:

   a) securing dependent systems and protocols (such as when using
      DNS as per RFC 3263 or NTP).
   b) Securing VoIP Applications (such as CCXML or VoiceXML apps that
      invoke VoIP related services and manage and have access to VoIP
      signaling and media data)

10) What about features that span many of the categories below, such as
the multitude of ways to do DTMF? Should we have separate sections on
best practices to transport DTMF end to end, or talk about it in each
section, referring to other ways of securing it?

11) How about BP for securing active and passive media quality assurance
systems, as these devices play a critical role for any service oriented
network being monitored?

greg

________________________________
From: bestpractices-bounces at voipsa.org
[mailto:bestpractices-bounces at voipsa.org] On Behalf Of
dan_york at Mitel.com
Sent: Friday, January 19, 2007 5:58 AM
To: bestpractices at voipsa.org
Subject: [VOIPSA Best Practices] Best Practices document structure set -
next question: are these the appropriate areas?

Best Practices team,

Thank you to those of you who sent in comments either on the list or
directly to me. A special thanks to Eugene Nechamkin who took the time
to write up a counter-proposal. Outside of his contribution, basically
all the feedback was for proposal #2, structuring the document around
functional areas, and so I'm going to say we're going with that.

Now, the next question - is this list below from the wiki the
appropriate list of areas for VoIP-related best practices?

   1. Securing Voice and Media stream
   2. Securing Call Control
   3. Securing Management Interfaces and APIs
   4. Securing PSTN Interfaces and Traditional Telephony Issues
      (i.e. don't forget toll fraud)
   5. Securing Servers and Operating Systems
   6. Securing IP Endpoints (ex. sets, softphones, etc.)
   7. Securing the TCP/IP network (ex. VLANs, 802.1X, wireless,
      etc.)
   8. Physical Security, including backups, power, etc.

Are we missing any major areas? Should these be modified or tweaked?
It seems to me to be a complete list, but then again, I wrote it, so of
course it would. Any feedback is welcome.

Regards,
Dan
--
Dan York, CISSP
Dir of IP Technology, Office of the CTO
Mitel Corp. http://www.mitel.com
dan_york at mitel.com +1-613-592-2122
PGP key (F7E3C3B4) available for
secure communication