Securing H.323 or H.320

gdrandles · ‎12-05-2007

My client is worried that there could be a back door issue with using H.320 or H.323. Currently we are using DMVPN between all spokes and the Hub. I assume that we could use the current firewalls in place to funnel H.323 traffic only to the MCU and EMP and prevent it from going to internal sites. What kind of firewalls can we use for H.320? Any advice is appreciative.

sadbulali · ‎12-12-2007

As the IP Telephony data crosses a network, that data is only as safe and secure as the devices that are transporting the data. Depending on the security level that is defined in your security policy, the security of the network devices might have to be improved or they might already secure enough for the transportation of IP Telephony traffic.

There are many best-practices within a data network that, if used, will increase the entire security of your network. For example, instead of using Telnet (which sends passwords in clear text) to connect to any of the network devices, use Secure Shell (SSH, the secure form of Telnet) so that an attacker would not be able to see a password in clear text. There are many documents on the Cisco.com website that talk about overall security within a network. Use that documentation along with your security policy to determine what security the infrastructure needs.

http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_implementation_design_guide_chapter09186a008063742b.html