[VOIPSA Best Practices] bestpractices Digest, Vol 3, Issue 5 - additional section Policy, Privacy, and Compliance
shawn lund
shawnlund_2001 at yahoo.com
Fri Jan 19 10:58:24 CST 2007
I would, also, suggest an additional section for
policy, privacy, and compliance best practices.
Cheers,
Shawn
--- bestpractices-request at voipsa.org wrote:
> Send bestpractices mailing list submissions to
> bestpractices at voipsa.org
>
> To subscribe or unsubscribe via the World Wide Web,
> visit
>
>
http://voipsa.org/mailman/listinfo/bestpractices_voipsa.org
> or, via email, send a message with subject or body
> 'help' to
> bestpractices-request at voipsa.org
>
> You can reach the person managing the list at
> bestpractices-owner at voipsa.org
>
> When replying, please edit your Subject line so it
> is more specific
> than "Re: Contents of bestpractices digest..."
>
>
> Today's Topics:
>
> 1. Re: Best Practices document structure set -
> next question:
> are these the appropriate areas? (Raul Siles)
> 2. Re: Best Practices document structure set -
> next question:
> are these the appropriate areas?
> (dan_york at Mitel.com)
> 3. Re: Best Practices document structure set -
> next question:
> are these the appropriate areas?
> (dan_york at Mitel.com)
> 4. DTMF and quality monitoring... RE: Best
> Practices document
> structure set - next question: are these the
> appropriate areas?
> (dan_york at Mitel.com)
>
>
>
----------------------------------------------------------------------
>
> Message: 1
> Date: Fri, 19 Jan 2007 14:36:19 +0100
> From: "Raul Siles" <raul.siles at gmail.com>
> Subject: Re: [VOIPSA Best Practices] Best Practices
> document structure
> set - next question: are these the appropriate
> areas?
> To: "dan_york at mitel.com" <dan_york at mitel.com>
> Cc: bestpractices at voipsa.org
> Message-ID:
>
>
<c004c40d0701190536x2a8fca67uce6c210ebab43272 at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi Dan,
> Good to see this is moving forward. The list is
> pretty exhaustive, although
> I would make some minor changes (including some of
> the issues pointed out by
> Greg and Sarb):
>
> 5. Securing Servers and Operating Systems
> >From my perspective, section 5 should focus on
> "Securing Servers", and this
> includes not only the OS, but the common
> applications running on the server
> and any recommended server security software:
> personal firewall, HIDS, file
> integrity tool...
>
> 6. Securing IP Endpoints (ex. sets,
> softphones, etc.)
> >From my perspective, section 6 should focus on
> "Securing IP
> Endpoints/Clients", and this includes the client
> OS/firmware, and the common
> client applications and any recommended security
> software: personal
> firewall, AV, HIDS... This section should be about
> clients, any client,
> including mobile/PDAs, wireless IP phones... (Sarb)
>
> 7. Securing the TCP/IP network (ex. VLANs,
> 802.1X, wireless, etc.)
> >From my perspective, section 7 should focus on
> "Securing the TCP/IP network
> and the basic TCP/IP services", and this includes
> layer 2 protocols (as the
> ones you've mentioned), but also layer 3/4 basic
> protocols required for the
> networking infrastructure, such as DNS, NTP, Syslog,
> SNMP (v3? ;-))...
> (Greg)
>
> Thoughts?
> --
> Ra?l Siles
> GSE
> www.raulsiles.com
>
> On 1/19/07, dan_york at mitel.com <dan_york at mitel.com>
> wrote:
> >
> >
> > Best Practices team,
> >
> > Thank you to those of you who sent in comments
> either on the list or
> > directly to me. A special thanks to Eugene
> Nechamkin who took the time to
> > write up a counter-proposal. Outside of his
> contribution, basically all the
> > feedback was for proposal #2, structuring the
> document around functional
> > areas, and so I'm going to say we're going with
> that.
> >
> > Now, the next question - is this list below from
> the wiki the appropriate
> > list of areas for VoIP-related best practices?
> >
> > 1. Securing Voice and Media stream
> > 2. Securing Call Control
> > 3. Securing Management Interfaces and APIs
> > 4. Securing PSTN Interfaces and Traditional
> Telephony Issues (i.e.
> > don't forget toll fraud)
> > 5. Securing Servers and Operating Systems
> > 6. Securing IP Endpoints (ex. sets,
> softphones, etc.)
> > 7. Securing the TCP/IP network (ex. VLANs,
> 802.1X, wireless, etc.)
> > 8. Physical Security, including backups,
> power, etc.
> >
> > Are we missing any major areas? Should these be
> modified or tweaked?
> >
> > It seems to me to be a complete list, but then
> again, I wrote it, so of
> > course it would. Any feedback is welcome.
> >
> > Regards,
> > Dan
> >
> > --
> > Dan York, CISSP
> > Dir of IP Technology, Office of the CTO
> > Mitel Corp. http://www.mitel.com
> > dan_york at mitel.com +1-613-592-2122
> > PGP key (F7E3C3B4) available for
> > secure communication
> >
> >
> > _______________________________________________
> > bestpractices mailing list
> > bestpractices at voipsa.org
> >
>
http://voipsa.org/mailman/listinfo/bestpractices_voipsa.org
> >
> >
> >
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
>
/pipermail/bestpractices_voipsa.org/attachments/20070119/edffbe52/attachment-0001.html
>
>
> ------------------------------
>
> Message: 2
> Date: Fri, 19 Jan 2007 10:41:23 -0500
> From: dan_york at Mitel.com
> Subject: Re: [VOIPSA Best Practices] Best Practices
> document structure
> set - next question: are these the appropriate
> areas?
> To: "Ward, Bill" <bill.ward at cyberdefenses.com>
> Cc: bestpractices at voipsa.org
> Message-ID:
>
>
<OF7EDF2379.DDC5AA8A-ON85257268.00561BF6-85257268.005630F5 at mitel.com>
> Content-Type: text/plain; charset="us-ascii"
>
> Bill,
>
> Welcome! Thanks for the feedback and glad to have
> you on board.
>
> Regards,
> Dan
>
>
>
>
>
> "Ward, Bill" <bill.ward at cyberdefenses.com>
> 01/19/2007 07:18 AM
>
> To: <dan_york at Mitel.com>,
> <bestpractices at voipsa.org>
>
=== message truncated ===
____________________________________________________________________________________
TV dinner still cooling?
Check out "Tonight's Picks" on Yahoo! TV.
http://tv.yahoo.com/
More information about the bestpractices
mailing list