Delivering Reliability and Security in a VoIP Solution November 8, 2005 Michael Porter Avaya Inc. Government Marketing Director Today I’m going to talk about Avaya in a whole new way. We have grown a lot in a few years. I’m not talking about revenues, or number of employees. I’m talking about how we define business communications -- as more than just telephones and switches. Today we are providing open, standards-based business solutions that work with other technologies you have, resulting in new capabilities for your business to drive revenues and reduce costs. If I do my job right, you will see that we can help your enterprise work in ways that you haven’t even thought of. TIPS FOR SPEAKERS: Speakers notes in this document are not to be read like a script, although some of them appear to be a script. The notes are suggestions to be read ahead of your presentation, and learned, or “absorbed” so that you can speak to the slides with a few of your own ticklers to remind you of the most important points. There are multi-step builds on some of these slides. Practice moving through the presentation in slideshow mode so that they don’t throw you when it’s time to make the presentation. Pay particular attention to the “Fabric” slide with WAV files. Make sure that you have the animation software and WAV files in the same folder on your computer so that everything plays correctly. And do a test run. Don’t forget to put your name and presentation date on the title slide!

Avaya, The Leader in Business and Government Communications We enable businesses and governments, large to small, to communicate, serve, and excel Century of experience and innovation in our DNA Today: #1 positions in IP telephony, contact centers, mobility solutions, and services Avaya Labs, leader in communications software: 3,000 patents/applications Pioneered voice mail, IVR, skills-based call routing, unified communication, CTI, audio conferencing, virtual LAN 1 million customers -- 90% of FORTUNE 500® rely on Avaya 20,000 people in 50 countries 2,500 Business Partners

Today’s Discussion How reliability and security are different with VoIP systems How to architect reliability into a VoIP solution Going beyond reliability Security in a VoIP solution Managing security in VoIP Conclusion …. Q&A

How Are Reliability and Security Different in VoIP? Traditional Telephony PSTN Digital/Analog Phones PBX Telephones are directly wired to PBX ports Voice Mail IP Telephony Network Core IP Phones Analog Phones FAX Machines PSTN VoIP Gateway Analog Gateway Voice Communication Server(s) WAN Internet Message Servers Application Servers

Designing Reliability into a VoIP Solution IP Phones Message Servers Voice Communication Server(s) Location A Server Redundancy Network Redundancy Telephone Power PoE in Closet UPS in Closet PSTN Location B VoIP Gateway WAN Alternative Network Links Server Redundancy Voice Communication Server(s) Voice Messaging backup store Message Server Backup Alternative VoIP Gateway 5 - 7

Increasing Reliability with Additional Network Connections Satellite IP Phones Message Servers Voice Communication Server(s) Free Space Optics Outdoor Router PSTN Voice Communication Server(s) WAN Voice Messaging backup store 5 - 7

Beyond Reliability…. Availability Message Servers Backup Communications Server Message Servers Voice Communication Server(s) WAN VoIP Gateway Branch Office Location B Location A PSTN Backup Communications Server Increased Survivability Alternate WAN routes Connect to other communication servers Connect over the PSTN (dial backup) Automatic reconnect to main communication server Reroute “voice” over the PSTN when WAN connection constricted 5 - 7

Managing Availability at the Application Level Manage your network quality, and therefore availability at the application level Voice Applications require more of the network as delay and packet jitter can significantly affect the user perception of quality Proactively monitor your network to ensure end-to-end QoS Proactively monitor your ISP’s to ensure SLA’s are being met Implement a flexible network that allows automatic routing to avoid potential problems in your, or your ISP’s network

Voice Security Concerns System and Server Tampering Direct access to admin, etc Virus or Worm attacks Denial of Service – targeting servers, gateways, and routers Backdoor access through rogue modems or soft phones VPN Security – leaving ports open for voice Content Security – wiretapping in the IP world Unauthorized Access – man in the middle, etc

Securing a VoIP Solution Hardened Application Server Secure OS Locked-down ports Secure Access (e.g., no telnet) Network Region & Segmentation Support DoS Protection No file sharing Secure access Separate physical interface for Admin & Control Network Core IP Phones Analog Phones FAX Machines PSTN VoIP Gateway Analog Gateway Voice Communication Server(s) WAN Internet Message Servers Application Servers Encrypted Control Channels (H.248) Signed Downloads Encrypted Media and Signaling (H.323, SIP)

Security Must Be Achieved at Various Points Extended Perimeter Remote Users/ Telecommuters Customers Business Partners Branch Offices Road Warriors Mobile Workers Wireless LAN Web Apps Perimeter VPN Firewall IDS Wireless Access Point Email Scanning Virus Checking Managed Security Services Control RADIUS Access Control Identity Management Single Sign-on Policy Enforcement Policy Management VLAN Resources Devices Applications Voice, CRM, UC Operating systems Data Video Host Based IDS Modified from The Burton Group From Avaya Converged Security WP

End-to-End VoIP Application Security System & Perimeter Protection Protect against common attacks such as viruses, worms and generic attacks Denial of Service Resistance Vulnerability Reduction; Intrusion Prevention Secure Management Protects against attacks and confidential information disclosure Secure Provisioning; Roles & Policy Monitoring, Auditing and Accounting Confidentiality and Integrity Ensures privacy by encrypting confidential information such as voice media Message and File Integrity Secure Storage Converged Identity & Access Protects against identity theft Authentication and Authorization Certificate Framework

Trusted Communications User Authentication & authorization App roles Media encryption Data privacy Initiate Contact Server hardening Firewall, NAT VoIP aware VPN 802.1x auth. Device authentication and registration Authenticated Authentication of contacted party Complete Secure Communications DoS protection WLAN Security App roles Media encryption Data privacy Application Level Network Level Device Level

Conclusions VoIP Communications can be architected for reliability….and can even exceed traditional voice systems in being more available. Communications connections can be more redundant Communications resources can be configured for fallback support Users can be provided multiple means for accessing their communications VoIP Communications introduces new security challenges that are best addressed leveraging best practices At the various communications layers (e.g., device, network & application) Managed from various access points (e.g., resources, control, & perimeter)

Q & A Now that you have had an overview of our approach to business continuity through communications, I would like to spend a few minutes addressing your specific issues and concerns and discussing how one or more Avaya solutions can help you achieve your preparedness and continuity objectives. I hope today’s discussion gives you some new ideas and considerations for how to tackle your security issues. Thank you!

Official Convergence Communication Provider for the 2002 and 2006 FIFA World Cup™ FIFA Women’s World Cup USA 2003