NAC protection extends to VoIP

Clarifying issues surrounding this emerging security architecture

NAC has trouble giving much information about network devices that can’t be scanned for virus software, operating system patches, firewall configuration and the like.

This is particularly true of VoIP phones, which likely run on proprietary operating systems and won’t submit to a NAC client for scanning or even external probing for much data. NAC can’t supply the same depth of information about a VoIP phone as it can about a PC.

But that doesn’t mean NAC is useless in the task of protecting VoIP. For instance, the most common threat to VoIP is a denial-of-service attack, and to the extent that NAC can prevent infected machines from launching these attacks, it also protects VoIP.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

NAC has trouble giving much information about network devices that can’t be scanned for virus software, operating system patches, firewall configuration and the like.

This is particularly true of VoIP phones, which likely run on proprietary operating systems and won’t submit to a NAC client for scanning or even external probing for much data. NAC can’t supply the same depth of information about a VoIP phone as it can about a PC.

But that doesn’t mean NAC is useless in the task of protecting VoIP. For instance, the most common threat to VoIP is a denial-of-service attack, and to the extent that NAC can prevent infected machines from launching these attacks, it also protects VoIP.

Similarly, if infected machines are used to launch attacks against known operating system vulnerabilities, it could impair VoIP gear based on those operating systems. If NAC reduces the number of infected machines that access networks by flagging them, it reduces the number of these attacks against VoIP equipment.

Servers necessary to VoIP can be scanned in more depth by NAC devices than VoIP handsets, and they are also susceptible to infection. To the extent that NAC can expose these machines before they do damage, it can protect the voice network.

Some exploits against call servers has made it possible to take over the machines, leaving the voice network open to fraud and abuse.

So while NAC doesn’t evaluate all VoIP gear in the same ways it does desktops and laptops, NAC’s generalized threat mitigation value does extend to VoIP and can be considered an important layer of protection for voice networks.

Read more about security in Network World's Security section.

Tim Greene is senior editor at Network World.