Unified communications systems are increasingly becoming a target for data security attacks. In the first part of this article, "Striving for secure unified communications," Jim Romeo investigates where and when the next UC data breach is likely to occur. In part two, below, he explains why cross-platform communications pose an even greater security risk.
One security risk that stems from multiple sites and a wide range of ports is the vulnerability of cross-platform communication. Some users may have Microsoft Lync, while others use Cisco, Avaya or Unify (formerly Siemens Enterprise) platforms. Session Initiation Protocol (SIP) trunking is commonly the technology that interconnects these different platforms, but it also presents a ripe spot for breaches to occur.
According to Kevin Riley, chief technology officer of Sonus Networks, based in Westford, Mass., session border controllers (SBCs) are used to ensure that unwanted end users are not privy to the communication flow, while allowing wanted users to participate. But some UC platforms are just not compatible -- and in order to make them compatible, the security measures associated with them must be disabled. This is sometimes done without regard for the vulnerability it creates for an unwanted party to become privy to the communication.
Authentication is key, as is ensuring that only authorized parties are able to access the communication and the data shared during the UC session. This requires some care and skill from the IT department to ensure that proper authentication is instituted and that, once a session is authenticated, it is encrypted.
"An SBC can address both needs with a single device," said Riley. "An SBC at the edge of an enterprise ensures that the application is accessed only with correct credentials being exchanged between the clients and the SBC. Attacks on the UC application, including flooding or denial of service, are discarded by the SBC without impacting performance or scale of the UC application. Once a client is authenticated by the SBC, the session should be encrypted. For example, encrypted sessions cannot be snooped by others using the same Wi-Fi infrastructure."
As UC platforms come of age, and their purported $68 billion market opportunity becomes a reality, their security will be a definite concern. It will, at the very least, be as much of a concern as any other sort of communication such as email, voice or Internet.
"As adoption for UC solutions grows in the enterprise, more and more end users are becoming familiar and comfortable with UC applications," says Ted Doty, Senior Technology Product Manager at Polycom. "IT should ensure that end-user security training emphasizes that users should be vigilant using UC applications, in the same way that they are using Web browsers or email."
Jim Romeo (www.JimRomeo.net) is a freelance writer based in Chesapeake, Va.