You are on a highly sensitive call with your CFO regarding a pending acquisition. The last thing you need is for your call to be hacked and the information leaked. You are calling from your office, on an IP desk phone that uses a VoIP network. You know your network is secure, but can you trust that your provider has taken the necessary steps to protect your conversation?
product which provides IP-based connectivity to AT&T's network for wholesale domestic and international VoIP call termination. AT&T has developed a security architecture that strengthens potentially vulnerable points, deploying security mechanisms throughout the network elements and service to provide seamless security against denial of service attacks and other fraudulent activities. This architecture is also designed to safeguard the privacy of customer communications and protect personal information. (Details of AT&T’s warranties are contained in the contract documents.)

According to Ed Amoroso, AT&T’s Chief Security Officer, “As companies transition to VoIP services, it is essential that they work with their carrier to assess and mitigate security risk. In fact, AT&T’s network is a major component in the security model that customers are building for their businesses. What distinguishes AT&T is that defenses are built into the network. This allows customers to enjoy all the features of VoIP while minimizing the security concerns.”

To protect its networks and services, AT&T uses a “defense-in-depth” security architecture, with security built into every network layer and every supporting process to prevent, isolate and resolve security vulnerabilities. The theory of “defense-in-depth” is that if security fails at one layer, the next layer provides additional security with which an attacker must contend. “AT&T's unique approach to network-based security provides an additional layer of defense for companies and individuals,” states Amoroso. “AT&T's protective mechanisms are integrated into the fabric of our network. This makes attacks more difficult.”

The Best Defense? Proactive Analysis and Prevention

“The best defense companies have is to formulate proactive plans, and implement advanced networking and security solutions. This strategy can assess risk and eradicate attacks that are brewing – long before they penetrate the network,” states Amoroso.
“Instead of constantly reacting to threats and being defensive, companies have the advantage of being alerted to threats before they happen.”

AT&T takes a preventative approach to security by identifying, detecting and managing intrusions before they inflict damage. AT&T collects, analyzes and interprets data in real-time to enable rapid incident response. AT&T security experts in AT&T’s Global Network Operations Center (GNOC) monitor network security and performance around-the-clock. Traffic anomalies are detected and cyber-attacks are predicted in the early stages. This advance notice enables customers to take quick remedial action to contain and minimize damage inflicted by an attack.
AT&T’s VoIP security architecture is segmented into three security domains to prevent, isolate and resolve security vulnerabilities: the Customer Premises Domain, the AT&T Border Domain, and the AT&T VoIP Infrastructure Domain.
1. The Customer Premises Domain – Many of the security measures instituted by AT&T to secure VoIP must also be deployed by customers on their own devices to provide effective protection.
2. The AT&T Border Domain – AT&T separates traffic from the public Internet at the border to prevent DDoS (distributed denial of service) attacks from ever entering our network. The VoIP border elements perform authentication and call admission; malformed and/or unexpected packets are discarded.
3. The AT&T VoIP Infrastructure Domain – AT&T’s IP/MPLS network provides state-of-the-art security and fraud protection. Wholesale VoIP traffic traverses a logically separated VPN with top QoS for traffic prioritization. To preserve network integrity, customer access is never permitted directly into this VPN; all customer access is mediated by the AT&T IP border elements.
[Figure: AT&T VoIP Security Domains. Labels shown: AT&T VoIP Infrastructure Domain (Voice Applications, VoIP Network Elements, VoIP Network Application Servers, Gateway, PSTN); AT&T VoIP Border Domain (Common VoIP Connectivity Layer; SIP, H.323 and MGCP Border Elements); Customer Premises Domain (Customer Premises Layer; SIP, H.323 and MGCP Endpoints).]
Commitment to Quality of Service for Wholesale Customers

At AT&T, security is an integral element of all services. As in its switched network, AT&T’s IP/MPLS (Multiprotocol Label Switching) security architecture employs state-of-the-art mechanisms designed to support the availability, integrity and confidentiality of its customers’ VoIP services while simultaneously maintaining quality of service. As a further safeguard, AT&T employs continuous monitoring of its global IP network to rapidly identify potential threats and respond with appropriate security measures. Wholesale customers can confidently offer VoIP services to their end users knowing that AT&T’s legacy of service quality, security and reliability are the foundation for their service offerings.