Enterasys Delivers Voice over IP (VoIP) Security

Enterasys Networks Inc., the Secure Networks Company™, announced today a comprehensive approach to secure IP Telephony solutions from leading voice vendors. Enterprises worldwide want to ensure the same reliability, quality, manageability, mobility and security of the traditional PBX with new voice-over-IP (VoIP) and unified communications solutions. The Enterasys Secure Open Convergence solution delivers a way to sense and automatically respond to security threats against the IP telephony infrastructure; enforce network access control policies; and comply with regulations for monitoring and safety such as CALEA and E911 in the United States.

“The Enterasys integrated open-architecture approach to understand and manage the priority and security of unified communications doesn’t lock you into a particular voice, video or data vendor,” said Mike Fabiaschi, President and CEO of Enterasys. “Whether you have invested in VoIP solutions from 3Com, Alcatel, Asterisk, Avaya, Cisco, Mitel, NEC (Sphere), Nortel, Panasonic, Polycom, ShoreTel, and/or Siemens – we can protect the confidentiality, integrity and availability of voice services while ensuring compliance with internal policies and government regulations.”

Bangkok’s new Suvarnabhumi Airport has deployed more than 12,000 Enterasys PoE connections to support airport operations through converged voice, video and data communications. Pornchai Krivichian, Vice President for SAMART TELCOMS, said: “We needed a networking solutions partner who could deliver on their promises – and that is exactly what Enterasys did. SAMART TELCOMS has found the Enterasys technology to be very reliable and we appreciate the highly responsive support we receive.”

“Security is among the top concerns of enterprises deploying voice over IP systems today,” said Brian Riggs, Research Director for Enterprise Communications at Current Analysis. “Software that detects unauthorized use of VoIP systems, prevents service disruption and eavesdropping, and monitors voice networks for new threats will be absolutely vital for businesses considering IP telephony as an alternative to more traditional forms of communication. With VoIP security often addressed in a haphazard fashion, a comprehensive solution for securing voice over both wireline and wireless IP networks will be a vital asset to enterprises of all sizes.”

Security is provided by the Enterasys® NAC and Dragon® advanced security applications and Enterasys security enabled infrastructure components for switching, routing and wireless. When voice is delivered as another application over the existing data infrastructure, it is vulnerable to all the threats associated with the data network. Enterasys Secure Networks embed security protections for every user and application to predict and proactively prevent such threats from disrupting voice, video and data communications. User-based and application-based Secure Networks policies save time and avoid costly errors when compared to traditional port-based and VLAN-based access control list (ACL) methods for network security. The Dragon Intrusion Detection/Prevention System (IDS/IPS) offers specific signatures and protocol behavioral analysis for required protocols such as H.323 and SIP which are used in IP telephony environments. The Enterasys NAC solution assesses, authenticates and authorizes VoIP users and telephony devices before allowing them onto the network while enforcing role-based policies after they are connected. E911 compliance is enabled by unique location services in Enterasys NAC that immediately identify the user and physical location when an emergency call is placed. Compliance with the Communications Assistance for Law Enforcement Act (CALEA) allows individual voice conversations or calls to/from a specific user to be redirected from an Enterasys Matrix switch for subsequent recording and analysis. Enterasys switching, routing and wireless connectivity solutions embed policy-based security features on every interface and each device is protected from denial-of-service (DoS/DDoS), man-in-the-middle and spoofing attacks.

Mobility is delivered by Enterasys RoamAbout® Direct Path Forwarding to provide Voice over wireless (VoWiFi) without compromise or delay. Enterasys wireless switch controllers optimize network traffic based on the underlying application which allows latency-sensitive voice and video applications to intelligently communicate at the access point without requiring all traffic to be forwarded back through a WLAN controller. RoamAbout solutions migrate to IEEE 802.11n performance and scalability without upgrading the switching infrastructure or Power-over-Ethernet (PoE) environment to provide unified wired and wireless management of security and quality of service (QoS) policies.

Manageability is provided through the Enterasys NetSight® suite of management applications that deliver policy-based visibility and control over convergence users, applications and devices to ensure mission critical applications such as voice are delivered reliably. One click can equal a thousand actions as NetSight software enables organizations to manage their network as a cohesive whole, rather than as a disparate set of individual devices.

Quality of voice services is assured as convergence endpoints are automatically discovered using standards-based Link Layer Discovery Protocol for Media Endpoint Discovery (LLDP-MED), Cisco Discovery Protocol (CDP) and other vendor-specific discovery protocols. Granular end-to-end QoS capabilities then prioritize voice traffic throughout the network using Layer 2 and Layer 3 mechanisms such as IEEE 802.1p and IP ToS/DSCP. Enterasys Matrix® switches feature a unique ability to separately secure and prioritize a phone, camera, printer and computer connected to a single network port to provide the business with granular flow-based visibility and control over individual voice, video and data conversations for each user and application.

Reliability is assured with high-availability hardware and software components of the Enterasys Matrix and SecureStack™ switches and routers whose architecture has no single point of failure and supports 15.4 watt IEEE 802.3af PoE on all interfaces to power IP telephone handsets or other PoE devices. Standards-based rapid recovery Layer 2 and Layer 3 topology protocols immediately route around failed network connections.