[VOIPSA Best Practices] Audience needs to be expanded... and should we include "quality assurance"? RE: Best Practices document structure set - next question: are these the appropriate areas?

Greg Scallan spider at tellme.com
Mon Jan 22 10:01:46 CST 2007 

I think all 4 of your bullets are missing "operations personnel that run
VoIP networks and services".  These are the clients of this document I
am thinking of.  They are different from "security professionals" in the
sense that security is just one aspect of what they care about.  They
are definitely different from administrators, a group which doesn't
actively monitor but function in an offline capacity.  Something along
the lines of  "operations personnel looking to ensure the security of
VoIP networks and services".

 

Regarding a BP for QoS, something along the lines of listing the
deployment of active and passive media quality monitoring equipment to
ensure a minimum MOS score is being met for applications that could
suffer DoS attacks because the quality of audio is critical to their
function (such as speech recognition).

 

greg

 

________________________________

From: dan_york at Mitel.com [mailto:dan_york at Mitel.com] 
Sent: Friday, January 19, 2007 2:36 PM
To: Greg Scallan
Cc: bestpractices at voipsa.org
Subject: Audience needs to be expanded... and should we include "quality
assurance"? RE: [VOIPSA Best Practices] Best Practices document
structure set - next question: are these the appropriate areas?

 


Greg, 

Thanks for pushing back on this point.  You're right that the audience
as currently defined does not include people actually working with VoIP
systems!  So we need to alter a bullet or introduce a new one.  Perhaps
it is what I think Raul suggested earlier: 

*	Security professionals and system/network/application
adminstrators looking for a security baseline for VoIP systems. 


Does that cover it or do we need a separate bullet? 

On the quality assurance area, I guess I'm still struggling in my mind
with how deep we would want to go into that.  I guess I can see a lot of
issues that can degrade quality that have very little to do with
security, per se.  For instance, using poor quality cabling or bad NICs
or... hopefully no one still is... hubs.  I totally agree with you that
VoIP adds new areas such as those you mention that have to be factored
in for quality.  But I'm still not sure how we integrate those into a
"Best Practices for Securing Voice-over-IP/IP Telephony" document. 

What would you see as best practices that we should include in the
document?  I'm certainly very open to being convinced we should. 

Thanks,
Dan 





 

"Greg Scallan" <spider at tellme.com> 

01/19/2007 11:56 AM 

        
        To:        <dan_york at Mitel.com> 
        cc:        <bestpractices at voipsa.org> 
        Subject:        RE: [VOIPSA Best Practices] Best Practices
document structure set - next question: are these the appropriate areas?




Regarding quality assurance, I think it goes back to how much the target
audience of the BP cares about that topic.  Your list below does not
include personnel responsible for operating and monitoring a VoIP
service and so I agree that QA is not a major concern for your listed
audience.  However, I do think the target audience should include such
personnel and they would care greatly about best practices for ensuring
the security of their network.  There are many products and existing
BP's that cover this topic in general for IP networks, but VoIP adds an
additional complexity, especially in the category of media jitter,
latency and packet loss and its impact on services (especially that of
recognition). 
  
Probably more importantly right now is documenting and agreeing on who
exactly the target audience of this BP is.  That would help us identify
the importance (and hence substance) of each section as it pertains to
the listed consumers. 
  
greg

  
we're trying to create a document that hits these audiences: 

*	End customers trying to understand how best to secure their
systems. 
*	Security professionals looking for a security baseline for VoIP
systems. 
*	System administrators, technicians, students and others looking
to enter into working with VoIP systems. 
*	Press/media who want to understand how VoIP systems can be
secured. 

[insert from other email] 
11.  Interesting point.  Certainly "availability" is a security concern
and *part* of that relates to quality assurance.  But I don't know how
far we want to go down that road... we want to focus on helping people
understand how to have a *secure* VoIP system, but not necessarily
instructing them on how to have one with *excellent* audio quality.   

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://voipsa.org/pipermail/bestpractices_voipsa.org/attachments/20070122/6e9c64d9/attachment.htm>

More information about the bestpractices mailing list