Eavesdropping is not a new or special
attribute of IP telephony.
Years ago, it was
common for users to share a party line and
listen,
often inadvertently, to their neighbors’
conversations.
As recently as 1995,
analog radio scanners enabled listening to
police and emergency networks to hear
about the burglary down the street or carchase
at the south end of town.
Analog cell
phones were so open that anyone could eavesdrop
on cellular conversations, including
significant political or business discussions.
most effective tool against eavesdropping,
but it is not without a significant cost in
processor time, inconvenience, and interoperability.
Encryption is commonly thought to be the
most effective tool against eavesdropping,
but it is not without a significant cost in
processor time, inconvenience, and interoperability.
Some of these issues can be alleviated
with standards-based encryption systems.
|
|
Solution to Security problems
|
Automatic Virtual Lan Segmentation
Easier and less costly protection can be
achieved
with a modern Ethernet switch
feature called automatic virtual LAN
segmentation (implemented as IEEE 802.1Q).
This technique logically restricts access and
packet flow to well-defined and well-understood
endpoints.
Devices on the IP telephony
VLAN are segmented separately from devices
on another VLAN and their two traffic flows
do not mix.
Performance impacts and issues
in one VLAN do not impact the other VLAN.
Endpoints receive only those packets to
which they are entitled.
|
|