Irwin Lazar's "Real-Time" Blog

Just a quick thought on the FCC ruling that PSTN-connected VoIP services must provide the same 911 capabilities as the service they are replacing.

Bravo!!

The FCC is right, if services such as Vonage are being marketed as POTS-replacements, then customers should expect that VoIP services will work the same way as the phone they had. Service providers have an obligation to deliver that same level of service, otherwise they shouldn't be marketing their products as POTS replacements.

If Vonage and others had marketed their service as a "2nd phone line for cheap long distance" then this ruling probably wouldn't have happened.

Andy Abramson, as usual, has a nice wrap-up of comments. See: VoIP Watch: Om's Right, Martin's Right, Skype Is Possibly Wrong

Aswath Rao has a different take.

Vnuenet has a two-part interview with Cisco CTO (and Linksys head) Charlie Giancarlo in which he gives his thoughts on both enterprise and consumer VoIP trends, as well as SIP. Giancarlo recognizes the trends in VoIP combining with Collaboration, but argues that SIP is still immature as a signaling protocol. It's worth a read.

In this week's Network World, security columnist Winn Schwartau writes that he's finally switching to a Mac. An experiment that he writes is "predicated on the hypothesis that the WinTel platform represents the greatest violation of the basic tenets of information security and has become a national economic security risk."

I switched my work machine from a Dell Latitude to a Mac PowerBook G4 back in December of '03 and haven't looked back since, though my justification for change was based more on usability rather than security concerns. In addition I recently switched my home machine from a Dell to an iMac. I can't tell you how nice it is to have computers that don't crash, don't require constant virus upates, are immune to spyware, and have nicely integrated music, photo, and video management software.

Getting back to the theme of this blog, Schwartau does a nice job summarizing the security issues related to the WinTel platform. Here's a question: how many of those spreading FUD about VoIP security are using WinTel platforms?

I'm quoted in a PCWorld.com story on Vonage's plans for business services:

Vonage is quietly testing its Business Plus service with a few customers in the U.S. The service could save customers 35 percent over traditional telephone deals, according to the company. This will be Vonage's offering for customers who need more than two voice lines.

The service provider is bundling a set number of lines and minutes for a flat monthly fee. To support multiple VoIP lines, Vonage certified a handful of devices from AudioCodes, Cisco, Epygi Technologies, and Quintum Technologies.

The SMB market is where Vonage can really make some inroads as a Centrex replacement, it's also where they will face stiff competition from the incumbants, as well the remaining CLECs such as DSL.NET that can also bundle cheap Internet access with their phone services.

From Computer Business Review and Carl Tyler's Blog

BT Group Plc has made a series of announcements with Microsoft Corp around business productivity, including middleware to sit between a PBX and Microsoft's Live Communications Server (LCS) and integration of the US software giant's Live Meeting into BT's MeetMe conferencing service.

This is the second major announcement that I've seen about service providers leveraging LCS to enable hosted applications to interface with LCS (the previous one being from Broadsoft).  In addition to conferencing, BT's "iBridge" middleware will enable interconnectivity between LCS and Cisco and Nortel IP PBXs (with Avaya and Siemens support on the way).

This is yet another example of the potential for LCS to evolve into a full-fledged IP-PBX, or at least as a gateway to enable telephony features to be accessed via Office Communicator (formerly Istanbul).  The introduction of hosted services adds yet another wrinkle, enabling enterprises to outsource telephony features and PSTN connectivity.

BT is also integrating it's audio conferencing service into LCS to enable web conferencing support as well.  With these and other recent announcements, LCS is quickly gaining the potential to be a single platform capable of unifying enterprise communications and collaboration.

Om Malik's Broadband Blog reports that Wall Street is talking up the possibility of a Juniper acquisition of Extreme Networks.  If Juniper truly wants to position itself as the "Cisco Alternative" for enterprise networks, it will need to make a play for the Ethernet backbone, something that acquiring Extreme would allow it to do (Force 10 wouldn't be bad either).

At the recent Interop conference in Las Vegas, Juniper, Extreme and Avaya showed off their partnership in delivering IP communications services to the new $2.7 billion Wynn Hotel, could this be a precursor of things to come?

From Greg Galitzine's VoIP Blog:

"Nortel and IBM have joined forced in a strategic development agreement, which among other things, menas that the two companies will create a Joint Development Center in North Carolina's Research Triangle Park.The two companies will collaborate on a variety of..."

This is a smart move for Nortel, their financial issues have led to a great deal of uncertainty in the market place. Positioning themselves with IBM makes a great deal of sense and allows the combined companies to strengthen their hand against Cisco (and Microsoft).

From Industry Analyst Reporter:

"After years of quietly building a voice over Internet protocol (VoIP) strategy on a number of fronts, Microsoft is now stepping up its VoIP efforts and is poised for major initiatives in both the enterprise and carrier space, according to new research from IDC. The analysts say the centerpiece of this increased activity is SIP-based collaborative applications being developed for the Microsoft Office Live Communications Server (LCS) 2005."

I'm currently writing a report analyzing LCS and its impact on enterprise telephony planning, I'll have more to say as I get deeper into the development of the report, but I do agree that Microsoft is going to become a major player in enterprise IP telephony and its one of the reasons why I've invited Ed Simnett of their real-time collaboration group to participate in our "End of Telephony" panel at Catalyst this summer.

Here's yet more spreading of VoIP security FUD. This time, by eWeek's David Coursey (thanks to Russell Shaw for noting this article in his blog)

In this article, Coursey argues that enterprise VoIP installations should be stopped due to threats from VoIP spam, unauthorized wiretapping, unauthorized speaker-phone activation among other threats.

As I've stated earlier, I think the security concerns around VoIP have been greatly overblown. SPIT (Spam of IP Telephony) is not a threat for enterprises, since their VoIP systems aren't connected via IP to anything. All calls from/to their VoIP system are via the PSTN. There is no threat of attack on their phones from the public Internet unless basic security practices are completely ignored. In fact, the real threat of VoIP spam is that VoIP will be leveraged in remote parts of the world to enable cheap or free telemarketing, which will plague not only IP phones, but any phone reachable via the PSTN.

Sure, in theory one can set up a SIP server and open it up to the Internet, but enterprises aren't going to do that (at least those who are minimally security conscious). Rather, enterprises who want to enable IP reachability of their VoIP system will do so via private peering or the use of managed peering fabrics. The only threat of VoIP spam would be from publicly facing portals such as "click-to-talk" applications on web sites.

With regard to wiretapping, VoIP is harder to tap than traditional voice. One can't just attach alligator clips at a closet or a terminal on the street. Rather one must span the Ethernet port of the phone they wish to tap, meaning that they need to be able to log into the local Ethernet switch (again, basic security practices would prevent this by logging all administrative access to the switch). In addition, many enterprise VoIP systems offer encryption, something that is not easily implemented in the PSTN.

Yes, there is the threat of someone remotely exploiting a phone to turn on the speaker without a user's knowledge, but one can also put a remote wireless microphone in an office, possibly easier than activating the speaker phone (and I'd be willing to bet this flaw will be fixed in enterprise systems in the not so distant future.

So again, there are threats to VoIP systems, but right now they are being completely overblown by some, and while enterprises should understand the risks, they should also understand that mitigation techniques and best practices exist, and can be implemented to minimize the risk and potentially offer even more secure communications than what is currently being used.

My latest research report "SIP: Unlocking The Power of Open Communications" has been published and is available to Burton Group "Network & Telecom Strategies" research subscribers.  Here is the abstract:

The Session Initiation Protocol (SIP) is rapidly becoming the basis for unifying all enterprise real-time communications systems into a common, standards-based framework both within and across enterprise boundaries. In this report, Senior Analyst Irwin Lazar looks at the growing use of SIP and what it means for enterprise telecommunications planning.