[VOIPSA Best Practices] Audience needs to be expanded... and should we include "quality assurance"? RE: Best Practices document structure set - next question: are these the appropriate areas?

[dan_york at Mitel.com]

Greg,

Thanks for pushing back on this point.  You're right that the audience as 
currently defined does not include people actually working with VoIP 
systems!  So we need to alter a bullet or introduce a new one.  Perhaps it 
is what I think Raul suggested earlier:

Security professionals and system/network/application adminstrators 
looking for a security baseline for VoIP systems. 

Does that cover it or do we need a separate bullet?

On the quality assurance area, I guess I'm still struggling in my mind 
with how deep we would want to go into that.  I guess I can see a lot of 
issues that can degrade quality that have very little to do with security, 
per se.  For instance, using poor quality cabling or bad NICs or... 
hopefully no one still is... hubs.  I totally agree with you that VoIP 
adds new areas such as those you mention that have to be factored in for 
quality.  But I'm still not sure how we integrate those into a "Best 
Practices for Securing Voice-over-IP/IP Telephony" document.

What would you see as best practices that we should include in the 
document?  I'm certainly very open to being convinced we should.

Thanks,
Dan






"Greg Scallan" <spider at tellme.com>
01/19/2007 11:56 AM
 
        To:     <dan_york at Mitel.com>
        cc:     <bestpractices at voipsa.org>
        Subject:        RE: [VOIPSA Best Practices] Best Practices 
document structure set - next question: are these the appropriate areas?


Regarding quality assurance, I think it goes back to how much the target 
audience of the BP cares about that topic.  Your list below does not 
include personnel responsible for operating and monitoring a VoIP service 
and so I agree that QA is not a major concern for your listed audience. 
However, I do think the target audience should include such personnel and 
they would care greatly about best practices for ensuring the security of 
their network.  There are many products and existing BP’s that cover this 
topic in general for IP networks, but VoIP adds an additional complexity, 
especially in the category of media jitter, latency and packet loss and 
its impact on services (especially that of recognition). 
 
Probably more importantly right now is documenting and agreeing on who 
exactly the target audience of this BP is.  That would help us identify 
the importance (and hence substance) of each section as it pertains to the 
listed consumers.
 
greg

 
we're trying to create a document that hits these audiences: 
End customers trying to understand how best to secure their systems. 
Security professionals looking for a security baseline for VoIP systems. 
System administrators, technicians, students and others looking to enter 
into working with VoIP systems. 
Press/media who want to understand how VoIP systems can be secured. 
[insert from other email]
11.  Interesting point.  Certainly "availability" is a security concern 
and *part* of that relates to quality assurance.  But I don't know how far 
we want to go down that road... we want to focus on helping people 
understand how to have a *secure* VoIP system, but not necessarily 
instructing them on how to have one with *excellent* audio quality.   

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://voipsa.org/pipermail/bestpractices_voipsa.org/attachments/20070119/a03c510d/attachment.htm>