Q

Security concerns for migrating from open source VoIP to UC

Both open source and non-open source VoIP platforms have security risks and vulnerabilities that could affect your migration to UC but enterprises should ensure that their open source solution meets all regulatory and compliance requirements.

We currently use an open source VoIP server but want to make the move to unified communications (UC). Are there any special security concerns to be aware of?
When I was first asked to narrow down the top issues in troubleshooting IP PBXs I went into a tailspin. I couldn't get off of first base. Your question is the same. The short answer is yes and the abbreviated short answer, regarding "special security concerns", is that I think the concerns are the same. There maybe a different focus when dealing with open source solutions, but I would hesitate to call it "special." Security is never not an issue.

Open source, in one example of a platform used for many web forums is found vulnerable. It needs patching but this doesn't mean that all the vulnerabilities are yet known. You can argue the same for non-open source.The vulnerability has a potential effect that could impact several areas of the organization. What will these issues have on any industry governed by a regulatory framework, what are the legal implications and what are the...

security ramifications of any breach?

I would apply any industry regulations that your organization may be saddled with such as SOX, HIPPA and SEC to evaluating open source VoIP security in your UC migration. You will need to ensure that your open source solution is meeting any regulatory or compliance requirements. Then, you need to investigate further known vulnerabilities of what you are using and put into action any determined necessary security measures and assessments. I do think security and network assessments, along with continuous monitoring, will soon be within embedded or hosted infrastructures and will satisfy regulatory issues.

Still, have your counsel review the open source agreements/licenses and determine whether or not there are conflicts or room for any issues or potential and probable liabilities. This maybe challenging and you may get into some un-chartered waters. In short -- you should always review your regulatory, security and legal areas. Open source or not, security is always a concern even when it's not on your radar or field of vision. I'm not implying, however, that open source is any better or worse than closed or proprietary systems.

For more information and resources regarding open source security, check out the Open Source Vulnerability Database.

This was first published in October 2008

Dig deeper on Unified Communications Security

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchMobileComputing

SearchNetworking

SearchTelecom

SearchITChannel

SearchEnterpriseWAN

SearchExchange

Close