DSC Tech Library
Computer Telephony Integration
Voice over IP and Security
Dick Bussiere, 1-Aug-2003
To understand the security risks associated with VoIP, it is first necessary to understand the three components involved, namely, the phones (softphone or IP phone appliance), call manager (IP-PBX), and voice gateway, which allows the VoIP system to connect to the traditional telephony network.
VoIP data is exposed to more or less the same threats as regular data. For example, an unauthorised user could make use of your IP infrastructure, IP-PBX and voice gateway to make a call using a soft phone on a wireless laptop.
Another way to launch a theft-of-service attack would be to target the underlying OS on either the IP-PBX or the voice gateway. Once this is compromised, all of the services provided by the platform may be 'open'.
Denial of service (DoS) attacks are also easy to execute: just attack the IP-PBX or voice gateway and no incoming or outgoing calls can be made. Attacking the IP infrastructure itself, by loading it with broadcast traffic, can also disable or degrade the VoIP service.
In addition, VoIP traffic interception can also be easily accomplished. A strategically located hub, or a hacker tool such as Dsniff, can duplicate traffic, and capture and replay the entire voice conversation. And this is significantly easier to do on a VoIP infrastructure than it is with the traditional telephone network.
How does one address these vulnerabilities? First, ensure that basic network security measures are in place. These include firewalls, site-to-site VPNs, penetration testing of VoIP components, and network IDS, as well as host IDS systems to monitor critical VoIP components (easily done if they are based on standard OS platforms).
More advanced security measures would include:
- The use of SNMPv3 management to manage the VoIP components; it is more difficult for an attacker to attempt to maliciously configure a device if he does not know the shared encryption secret.
- The use of SSL and/or SSH to manage the VoIP components; this makes it virtually impossible to 'see' the management traffic.
- The use of strong authentication for the management plane of these devices.
Further, there is one very powerful step that can be taken to help ensure maximum security, stability, and QoS for VoIP deployments: the concept of controls and filters employed at the edge of the LAN, the place where the components attach.
By using edge-based authentication and authorisation techniques, malicious users can be kept out of the network altogether. Protocol usage can be regulated so only legitimate, authorised users can use VoIP protocols. Control protocols that should not be on access ports can be blocked. In addition, DoS techniques such as flooding a network with broadcasts can be mitigated by applying rate limiting at the edge.
Using edge-based authorisation techniques can also help automate network configuration for VoIP operation. For example, if a legitimate IP phone is detected, then the traffic can be given higher priority. In other words, traffic shaping and traffic prioritisation should be performed at the edge of the network, not at the core.
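The edge controls described in the two paragraphs above can be modelled as a per-port decision function. The Python sketch below is an added example, not code from the original article or from any vendor's product. The role names, protocol labels and rate values are assumptions chosen for illustration, and the authentication exchange itself is out of scope.

```python
# Added illustration: a model of one access port's edge policy.
# Role names, protocol labels and rate values are assumptions, not from the article.
VOIP_PROTOCOLS = {"sip", "rtp"}
CONTROL_PROTOCOLS = {"dhcp-server", "stp-bpdu", "ospf"}  # should not originate on access ports
VOIP_ROLES = {"phone"}            # roles authorised to use VoIP protocols
KNOWN_ROLES = {"phone", "user"}   # roles assigned after successful edge authentication


class EdgePort:
    def __init__(self, role=None, bcast_rate=50.0, bcast_burst=100.0):
        self.role = role                  # None until the device authenticates
        self.bcast_rate = bcast_rate      # sustained broadcast frames per second
        self.bcast_burst = bcast_burst    # bucket depth (short bursts tolerated)
        self._tokens = bcast_burst
        self._last = 0.0

    def _broadcast_ok(self, now):
        """Token bucket: refill by elapsed time, spend one token per broadcast."""
        elapsed = max(0.0, now - self._last)
        self._tokens = min(self.bcast_burst, self._tokens + elapsed * self.bcast_rate)
        self._last = now
        if self._tokens >= 1.0:
            self._tokens -= 1.0
            return True
        return False

    def decide(self, proto, broadcast, now):
        """Return (action, priority) for one frame arriving at time `now` (seconds)."""
        if self.role not in KNOWN_ROLES:
            return ("drop", None)         # unauthenticated device: kept out entirely
        if proto in CONTROL_PROTOCOLS:
            return ("drop", None)         # control protocol on an access port
        if proto in VOIP_PROTOCOLS and self.role not in VOIP_ROLES:
            return ("drop", None)         # VoIP only for authorised roles
        if broadcast and not self._broadcast_ok(now):
            return ("drop", None)         # broadcast flood held to the configured rate
        priority = "high" if proto in VOIP_PROTOCOLS else "normal"
        return ("forward", priority)


if __name__ == "__main__":
    port = EdgePort(role="phone", bcast_rate=10.0, bcast_burst=3.0)
    print(port.decide("rtp", False, 0.0))
    print([port.decide("arp", True, 0.0)[0] for _ in range(5)])
```

The ordering of the checks matters: authentication is evaluated first, so an unauthenticated device never consumes broadcast tokens or reaches the protocol rules.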
But before you deploy VoIP, ask yourself if your network is sophisticated enough to handle it or if you need to upgrade. Nothing is worse for the end user than a poorly performing critical service such as telephony.
Remember, the best IT infrastructure is one that is invisible.
Dick Bussiere is CTO for Enterasys Asia-Pacific.