<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">

<head>

<meta http-equiv=Content-Type content="text/html; charset=us-ascii">

<meta name=Generator content="Microsoft Word 12 (filtered medium)">

<style>

<!--

 /* Font Definitions */

 @font-face

        {font-family:Calibri;

        panose-1:2 15 5 2 2 2 4 3 2 4;}

@font-face

        {font-family:Tahoma;

        panose-1:2 11 6 4 3 5 4 4 2 4;}

 /* Style Definitions */

 p.MsoNormal, li.MsoNormal, div.MsoNormal

        {margin:0cm;

        margin-bottom:.0001pt;

        font-size:12.0pt;

        font-family:"Times New Roman","serif";}

a:link, span.MsoHyperlink

        {mso-style-priority:99;

        color:blue;

        text-decoration:underline;}

a:visited, span.MsoHyperlinkFollowed

        {mso-style-priority:99;

        color:purple;

        text-decoration:underline;}

span.EmailStyle17

        {mso-style-type:personal-reply;

        font-family:"Calibri","sans-serif";

        color:#1F497D;}

.MsoChpDefault

        {mso-style-type:export-only;}

@page Section1

        {size:612.0pt 792.0pt;

        margin:70.85pt 70.85pt 70.85pt 70.85pt;}

div.Section1

        {page:Section1;}

-->

</style>

<!--[if gte mso 9]><xml>

 <o:shapedefaults v:ext="edit" spidmax="1026" />

</xml><![endif]--><!--[if gte mso 9]><xml>

 <o:shapelayout v:ext="edit">

  <o:idmap v:ext="edit" data="1" />

 </o:shapelayout></xml><![endif]-->

</head>

<body lang=EN-US link=blue vlink=purple>

<div class=Section1>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";

color:#1F497D'>Does the point #8 describe also the fail-over procedures? So if

my primary call controller broke down then the second call controller will automatically

handle the active calls? This may involve some clustering techniques.<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";

color:#1F497D'><o:p> </o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";

color:#1F497D'>Also important part of voip security is the credibility of an incoming

calling number (callid). Because in the PSTN network normally I can’t

change my callid, but in the VoIP it’s usually not a big problem. Maybe

this problem could be handled with ENUM.<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";

color:#1F497D'><o:p> </o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";

color:#1F497D'>QoS – this is very important when we are going to talk

about security in voip. We have to consider what level of security do we need

because the encryption of traffic and other security features are always adding

additional delay to the transported voice. If the value of this additional delay

is going to be too high then our call is maybe for 100% secured but it’s

not pleasant to hear.<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";

color:#1F497D'><o:p> </o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";

color:#1F497D'>And SpIT. We know that controlling SPAM in our emails is very difficult

. But controlling SPAM in VoIP will be even more difficult. So I hope that some

pages in this document will also cover the possibilities of solving the SpIT

problem.<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";

color:#1F497D'><o:p> </o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";

color:#1F497D'>All the best,<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";

color:#1F497D'>   Jozef Janitor<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";

color:#1F497D'>   <a href="http://www.cnl.tuke.sk">www.cnl.tuke.sk</a><o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";

color:#1F497D'><o:p> </o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";

color:#1F497D'><o:p> </o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";

color:#1F497D'><o:p> </o:p></span></p>

<div style='border:none;border-left:solid blue 1.5pt;padding:0cm 0cm 0cm 4.0pt'>

<div>

<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'>

<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span

style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>

bestpractices-bounces@voipsa.org [mailto:bestpractices-bounces@voipsa.org] <b>On

Behalf Of </b>dan_york@Mitel.com<br>

<b>Sent:</b> Friday, January 19, 2007 11:58 AM<br>

<b>To:</b> bestpractices@voipsa.org<br>

<b>Subject:</b> [VOIPSA Best Practices] Best Practices document structure set -

next question: are these the appropriate areas?<o:p></o:p></span></p>

</div>

</div>

<p class=MsoNormal><o:p> </o:p></p>

<p class=MsoNormal style='margin-bottom:12.0pt'><br>

<span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Best Practices

team,</span> <br>

<br>

<span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Thank you to

those of you who sent in comments either on the list or directly to me.  A

special thanks to Eugene Nechamkin who took the time to write up a

counter-proposal. Outside of his contribution, basically all the feedback was

for proposal #2, structuring the document around functional areas, and so I'm

going to say we're going with that.</span> <br>

<br>

<span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Now, the next

question - is this list below from the wiki the appropriate list of areas for

VoIP-related best practices?</span> <br>

<br>

<span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>1.  

     </span>Securing Voice and Media stream <br>

<span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>2.  

     </span>Securing Call Control <br>

<span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>3.  

     </span>Securing Management Interfaces and APIs <br>

<span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>4.  

     </span>Securing PSTN Interfaces and Traditional Telephony

Issues (i.e. don't forget toll fraud) <br>

<span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>5.  

     </span>Securing Servers and Operating Systems <br>

<span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>6.  

     </span>Securing IP Endpoints (ex. sets, softphones, etc.) <br>

<span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>7.  

     </span>Securing the TCP/IP network (ex. VLANs, 802.1X,

wireless, etc.) <br>

<span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>8.  

     </span>Physical Security, including backups, power, etc. <br>

<br>

<span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Are we missing

any major areas?  Should these be modified or tweaked?</span> <br>

<br>

<span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>It seems to me

to be a complete list, but then again, I wrote it, so of course it would.

 Any feedback is welcome.</span> <br>

<br>

<span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Regards,<br>

Dan</span> <br>

<br>

<span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>-- <br>

Dan York, CISSP<br>

Dir of IP Technology, Office of the CTO<br>

Mitel Corp.     http://www.mitel.com<br>

dan_york@mitel.com +1-613-592-2122<br>

PGP key (F7E3C3B4) available for <br>

secure communication</span><o:p></o:p></p>

</div>

</div>

</body>

</html>