Problem solve Get help with specific problems with your technologies, process and projects.

Alternative to keeping data and VoIP traffic on separate VLANs

Expert Andrew Grayson of VoIPSA explains some cost-efficient alternatives to keeping data and VoIP traffic on separate VLANs.

Keeping data and VoIP traffic on separate VLANs is certainly a good security practice, but it may be easier said than done. If it takes an extra NIC and switch port to separate the soft phone VoIP traffic from data traffic from the same workstation, it will be a hard sell in an enterprise environment. Any secure, yet economically justifiable alternatives?

There are many ways to protect a VoIP network, but the first decision to make is what are you protecting? In any type of IP communications, e-mail, Web, IM and now voice you must first ask yourself the following questions -- Do I need external communications? Is it two way? What are my corporate policies? Are there legislative concerns I must address? Then you must take a look at the internal network and ask yourself -- Do I need to separate this traffic for bandwidth concerns, policy needs or compliancy requirements?

After looking through these criteria, implementing a solution based on the capabilities of your servers must be addressed. Can the basic implementation address the issues raised in the design phase? Where are the gaps? Are there third party solutions that compliment an existing implementation while enhancing the security aspects that must be addressed?

In the scenario you describe, you are proposing to separate the traffic by implementing a VLAN approach. This approach is quite costly (as you noted) and requires an investment in extra networking equipment. Yet this still allows a determined hacker the chance to 'sniff' the network and capture voice traffic. If separated traffic is the intent and a necessary requirement, easier options such as TLS between the phone, soft or hard and the server would be a better design, reducing the hardware requirements while providing a more secure implementation.

Dig Deeper on VoIP QoS and Performance

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.