Skip Links

Network World

  • Social Web 
  • Email 
  • Close

NAC protection extends to VoIP

NAC can be an important layer of protection for VoIP
Security: Network Access Control Alert By Tim Greene , Network World , 07/12/2007
Tim Greene
Sign up for this newsletter now!

NAC has trouble giving much information about network devices that can’t be scanned for virus software, operating system patches, firewall configuration and the like.

This is particularly true of VoIP phones, which likely run on proprietary operating systems and won’t submit to a NAC client for scanning or even external probing for much data. NAC can’t supply the same depth of information about a VoIP phone as it can about a PC.

Don't Miss!Read the latest WhitePaper - Monitor the core and troubleshoot the access layer with integrated network analysis solutions

But that doesn’t mean NAC is useless in the task of protecting VoIP. For instance, the most common threat to VoIP is a denial-of-service attack, and to the extent that NAC can prevent infected machines from launching these attacks, it also protects VoIP.

Similarly, if infected machines are used to launch attacks against known operating system vulnerabilities, it could impair VoIP gear based on those operating systems. If NAC reduces the number of infected machines that access networks by flagging them, it reduces the number of these attacks against VoIP equipment.

Related Content

Servers necessary to VoIP can be scanned in more depth by NAC devices than VoIP handsets, and they are also susceptible to infection. To the extent that NAC can expose these machines before they do damage, it can protect the voice network.

Some exploits against call servers has made it possible to take over the machines, leaving the voice network open to fraud and abuse.

So while NAC doesn’t evaluate all VoIP gear in the same ways it does desktops and laptops, NAC’s generalized threat mitigation value does extend to VoIP and can be considered an important layer of protection for voice networks.

Partner Content

Brilliantly simple security and control solutions for email, web and endpoint

www.sophos.com

Stopping data leakage

Learn how to exploit your current security investment to control the information that flows into, through and out of your network.

Download the white paper.

Why detection rates aren't enough

Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask to prospective vendors to get the right endpoint solution.

Download the white paper.

Unauthorized applications: Taking back control

Employees installing and using unauthorized applications like IM, VoIP, games and peer-to-peer file-sharing applications cause many businesses serious concern. How do you control these applications?

Download the white paper.

Comments (3)
Login
Forgot your account info?

Helping is what NAC Must DoBy ghartline on July 18, 2007, 11:39 amAs the CTO of a network security company, I’ve watched the NAC market evolve from its infancy. I believe that NAC promises to further secure IP Telephony environments...

Reply | Read entire comment

NAC can help VoIP far moreBy mrmclean on July 16, 2007, 11:59 pmI blogged on the ideas here at the En Garde blog at blog.consentry.com, but just wanted to quickly comment that NAC, in a fuller form, can do much more to help VoIP...

Reply | Read entire comment

RE: NAC protection extends to VoIPBy Nicolas Wagrez on July 12, 2007, 12:20 pmThere are several things that I did not see in the article. It seems to imply that Voip handsets and Voip servers share the same infrastructure as workstations....

Reply | Read entire comment

View all comments

Add comment
Anonymous comments subject to moderator approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.

Most Read

View more Most Read

Videos

rssRss Feed

Latest News

rssRss Feed
Save The Date!
What They Are Saying

im gonna try on major ISPS here in Canada lol- Anonymous

Join the Discussion