<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns="http://www.w3.org/TR/REC-html40"
xmlns:ns0="http://schemas.microsoft.com/office/2004/12/omml">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]-->
<style>
<!--a:link
{mso-style-priority:99;}
span.MSOHYPERLINK
{mso-style-priority:99;}
a:visited
{mso-style-priority:99;}
span.MSOHYPERLINKFOLLOWED
{mso-style-priority:99;}
/* Font Definitions */
@font-face
{font-family:Batang;
panose-1:2 3 6 0 0 1 1 1 1 1;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"\@Batang";
panose-1:2 3 6 0 0 1 1 1 1 1;}
@font-face
{font-family:Calibri;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal;
font-family:Calibri;
color:#1F497D;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:Arial;
color:navy;}
@page Section1
{size:8.5in 11.0in;
margin:70.85pt 70.85pt 70.85pt 70.85pt;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Hi All,<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Great discussion! <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Regarding SPIT I am not sure if the
industry has any good practices yet. I believe this problem is emerging but
solutions are still in the research stage. However, it may be a good idea to
have a stub or a place holder to document emerging practices like these, or
those that address security issues of presence information, for example!<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Cheers,<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><br>
Nhut<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<div>
<div class=MsoNormal align=center style='text-align:center'><font size=3
face="Times New Roman"><span style='font-size:12.0pt'>
<hr size=3 width="100%" align=center tabindex=-1>
</span></font></div>
<p class=MsoNormal><b><font size=2 face=Tahoma><span style='font-size:10.0pt;
font-family:Tahoma;font-weight:bold'>From:</span></font></b><font size=2
face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>
bestpractices-bounces@voipsa.org [mailto:bestpractices-bounces@voipsa.org] <b><span
style='font-weight:bold'>On Behalf Of </span></b>Jozef Janitor<br>
<b><span style='font-weight:bold'>Sent:</span></b> Friday, January 19, 2007
11:23 AM<br>
<b><span style='font-weight:bold'>To:</span></b> dan_york@Mitel.com;
bestpractices@voipsa.org<br>
<b><span style='font-weight:bold'>Subject:</span></b> Re: [VOIPSA Best
Practices] Best Practices document structure set -next question: are these the
appropriate areas?</span></font><o:p></o:p></p>
</div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:Calibri;color:#1F497D'>Does the point #8
describe also the fail-over procedures? So if my primary call controller broke
down then the second call controller will automatically handle the active
calls? This may involve some clustering techniques.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:Calibri;color:#1F497D'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:Calibri;color:#1F497D'>Also important part
of voip security is the credibility of an incoming calling number (callid).
Because in the PSTN network normally I can’t change my callid, but in the
VoIP it’s usually not a big problem. Maybe this problem could be handled
with ENUM.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:Calibri;color:#1F497D'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:Calibri;color:#1F497D'>QoS – this is
very important when we are going to talk about security in voip. We have to
consider what level of security do we need because the encryption of traffic
and other security features are always adding additional delay to the
transported voice. If the value of this additional delay is going to be too
high then our call is maybe for 100% secured but it’s not pleasant to
hear.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:Calibri;color:#1F497D'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:Calibri;color:#1F497D'>And SpIT. We know
that controlling SPAM in our emails is very difficult . But controlling SPAM in
VoIP will be even more difficult. So I hope that some pages in this document
will also cover the possibilities of solving the SpIT problem.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:Calibri;color:#1F497D'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:Calibri;color:#1F497D'>All the best,<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:Calibri;color:#1F497D'> Jozef
Janitor<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:Calibri;color:#1F497D'> <a
href="http://www.cnl.tuke.sk">www.cnl.tuke.sk</a><o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:Calibri;color:#1F497D'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:Calibri;color:#1F497D'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:Calibri;color:#1F497D'><o:p> </o:p></span></font></p>
<div style='border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt'>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><font size=2 face=Tahoma><span style='font-size:10.0pt;
font-family:Tahoma;font-weight:bold'>From:</span></font></b><font size=2
face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'> bestpractices-bounces@voipsa.org
[mailto:bestpractices-bounces@voipsa.org] <b><span style='font-weight:bold'>On
Behalf Of </span></b>dan_york@Mitel.com<br>
<b><span style='font-weight:bold'>Sent:</span></b> Friday, January 19, 2007
11:58 AM<br>
<b><span style='font-weight:bold'>To:</span></b> bestpractices@voipsa.org<br>
<b><span style='font-weight:bold'>Subject:</span></b> [VOIPSA Best Practices]
Best Practices document structure set - next question: are these the
appropriate areas?<o:p></o:p></span></font></p>
</div>
</div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal style='margin-bottom:12.0pt'><font size=3
face="Times New Roman"><span style='font-size:12.0pt'><br>
</span></font><font size=2 face=Arial><span style='font-size:10.0pt;font-family:
Arial'>Best Practices team,</span></font> <br>
<br>
<font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>Thank
you to those of you who sent in comments either on the list or directly to me.
A special thanks to Eugene Nechamkin who took the time to write up a
counter-proposal. Outside of his contribution, basically all the feedback was
for proposal #2, structuring the document around functional areas, and so I'm
going to say we're going with that.</span></font> <br>
<br>
<font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>Now,
the next question - is this list below from the wiki the appropriate list of
areas for VoIP-related best practices?</span></font> <br>
<br>
<font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>1.
</span></font>Securing Voice and Media stream <br>
<font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>2.
</span></font>Securing Call Control <br>
<font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>3.
</span></font>Securing Management Interfaces and
APIs <br>
<font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>4.
</span></font>Securing PSTN Interfaces and
Traditional Telephony Issues (i.e. don't forget toll fraud) <br>
<font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>5.
</span></font>Securing Servers and Operating Systems <br>
<font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>6.
</span></font>Securing IP Endpoints (ex. sets,
softphones, etc.) <br>
<font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>7.
</span></font>Securing the TCP/IP network (ex.
VLANs, 802.1X, wireless, etc.) <br>
<font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>8.
</span></font>Physical Security, including backups,
power, etc. <br>
<br>
<font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>Are we
missing any major areas? Should these be modified or tweaked?</span></font>
<br>
<br>
<font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>It
seems to me to be a complete list, but then again, I wrote it, so of course it
would. Any feedback is welcome.</span></font> <br>
<br>
<font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>Regards,<br>
Dan</span></font> <br>
<br>
<font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>-- <br>
Dan York, CISSP<br>
Dir of IP Technology, Office of the CTO<br>
Mitel Corp. http://www.mitel.com<br>
dan_york@mitel.com +1-613-592-2122<br>
PGP key (F7E3C3B4) available for <br>
secure communication</span></font><o:p></o:p></p>
</div>
</div>
</body>
</html>