Convergence of communication services on a single IP can cause security headaches

News by SC Staff

The convergence of voice, data, video and other services onto a single infrastructure based on internet protocol (IP) has the potential to leave serious gaps in security.

The convergence of voice, data, video and other services onto a single infrastructure based on internet protocol (IP) has the potential to leave serious gaps in security.

The Information Security Forum (ISF) claimed that network convergence can expose organisations to unknown or unmitigated threats from malicious or malfunctioning infrastructure, devices and services. In addition, these problems are compounded if migration is not properly planned, structured and documented.

Gary Wood, author of the ISF research, said that while the business case for convergence is compelling, information security professionals are faced with protecting merged networks that may consist of thousands of different devices and services based on a protocol that has little inherent security functionality.

He said: “By integrating separate networks onto a common IP infrastructure, organisations are able to reduce duplication, make greater use of resources, simplify management and quickly introduce new services.

“In addition to voice and data that are widely associated with network convergence, other services and devices are being converged; from video conferencing and building monitoring, to ATM machines, factory machinery, warehouse vehicles and networked TV.”

He identified four specific tasks to help organisations secure converged network services: protect core network services and infrastructure from malicious attack, accidental misconfiguration and equipment failure; authenticate and authorise users, devices and services to manage and restrict access to the converged network; create and implement a protection framework for endpoint devices that can no longer rely on the network for protection; and protect and manage services using the converged network using technologies such as encryption and virtual LANs.

Wood said: “Convergence is shifting protection towards the devices, services and data itself with the network providing little more than guaranteed availability. While IPv6 does go some way to address these challenges, it is still not widely implemented in many organisations largely due to its complexity and incompatibility issues.

“Converged networks clearly offer considerable benefits but securing them requires a planned joint approach from network operations and IT departments to facilities and senior management and business users.”

Topics:

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming Events