Unified Communications: Click to talk

Sep 20 2008   5:13PM GMT

Risk of RTP ‘Monoculture’

Tony Bradley Tony Bradley Profile: Tony Bradley

One of the issues or stumbling blocks facing organizations as they adopt unified communications is the interoperability (or lack thereof) between systems. A company would like to know that the platform they invest in will be able to integrate, or at least cooperate with, disparate platforms being used by vendors, customers, or future merger and acquisition targets.

In the world of VoIP (Voice over IP), there is a more or less agreed upon standard in RTP (Real-Time Transport Protocol). That is great for universal interoperability, but some have suggested that it may also pose a security risk for VoIP networks. The potential ‘monoculture’ of RTP could mean that any successful exploit against the protocol could cripple not one VoIP platform, but all VoIP platforms simultaneously.

I do agree that organizations need to be concerned with VoIP and unified communications security, but I believe that the ‘RTP monoculture’ issue is primarily FUD being used to sell VoIP security solutions from the vendors claiming the sky is falling. The thing is that monoculture is largely a myth. The ‘Microsoft monoculture’ was just anti-Microsoft FUD.

Each organization has different perimeter security, different products and applications inside the network, different security policies and controls across their environments. Yes, they may all use RTP, but everything else about their network and VoIP configuration is unique to each organization. Hopefully, if they have done their homework and put the right kinds of security controls in place, an RTP exploit that impacts one company won’t necessarily impact them.

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: