VoIP use on campus advances cautiously; economy rivaling security for biggest worry

A recent ACUTA (www.acuta.org) survey of its member colleges and universities indicates that deployment of Voice over Internet Protocol (VoIP) on college campuses is growing...

Th 289244

A recent ACUTA (www.acuta.org) survey of its member colleges and universities indicates that deployment of Voice over Internet Protocol (VoIP) on college campuses is growing, albeit slowly, due primarily to an uncertain economy affecting state operating budgets.

Funding for staffing, said 52% of participants in the April survey conducted among member schools attending anAssociation for Communications Technology Professionals in Higher Education (ACUTA) seminar in St. Louis, is ofgreater concern than security issues when considering newor additional VoIP deployment.

Th 289244
Campus communications infrastructure projects, such as this recent installment at Amherst College where 37 miles of 4-inch PVC pipe was installed and allocated 50/50 for electrical and telecom/data deployment, are in some cases proceeding slowly but surely. For VoIP deployment, a shaky economy affecting state budgets is rivaling security issues as the top concern among college IT decision-makers.
Click here to enlarge image

A year ago in a similar survey, security was cited by 77% of respondents as "the biggest worry," but in the April survey,ACUTA reports that "just a fraction...expressed any concern about VoIP security." It's not that security issues are being brushed aside, suggests ACUTA leadership; rather, the weak economy's impact on state budgets is making current andfuture plans for VoIP uncertain at best.

"As an example, the State of Washington is forecasting a billion dollar deficit for the next biennium," notes Dave Ostrom, director of communications and network services at Washington State University, and chairman of ACUTA's legislative and regulatoryaffairs committee. "Why worry about security when you may be struggling to continue to offer the service?"

ACUTA Executive Director Jeri Semer adds that it's "difficult and risky" to make assumptions as to why survey respondents answered the way they did, without further probing. But apossible contributing factor, Semer suggests, is that with more time and experience with VoIP implementation, somemembers' concerns about potential security risks have been resolved.

Ostrom concurs, noting the emergence of "more mature" security products, such as Cisco's Unified Communications Manager that released as version 6.1 in January and is expected to contain further upgrades and features when version 7.0 is released as hoped later this year.

"The interest in VoIP on campuses today is as strong or stronger than it was two years ago, and the technology continues to progress in terms of the number of schools using it," says Semer. "But this latest survey shows that our member institutions continue to be cautious and methodical about their migration."

The survey showed that two out of three ACUTA member schools are currently using VoIP, but that 82% of respondents said their VoIP network covers 25% or less of their campus—nearly identical to a year ago. Whileusers cite the technology's overall efficiency, improved management, more end-user features, and better use of staff, 38% said quality-of-service and emergency 911 issues, plus difficulty in implementation are challenges that haveled to slow campus-wide growth.

Among schools not using VoIP, 36% of those surveyed say they plan to implement the technology within the next 18 months, but another 55% say it is part of long-term plans due to factorsranging from budget issues to satisfaction with current networks.

"The low penetration rates on campuses, coupled with the solid plans for growth in VoIP use, suggest that our member information communications technology professionals are simply not going to expand their VoIP network coverage until they are comfortable that it is beneficial for their networks, and for their schools overall," says Semer.

While the survey's apparent decreased concern over security issues may instead be more reflective of members' worries over staffing issues, industry professionals continue to caution that several vulnerabilities in campus-wide VoIP deployment must be guarded carefully.

Late last fall at Black Hat 2007, one of a series of highly technical securityconferences, Himanshu Dwivedi of digital security company iSEC Partners(isecpartners.com), warned attendees, "Four to five years ago, we started hearing about the security problems of VoIP, and it's really no better today. The security vendors are not on top of the problem, and users are relying on protocols they think are safe, when in fact they are not."

Of particular concern, says Krishna Kurapati, founder of Sipera VIPER Lab (www.sipera.com/viper)—a Texas-based organization of security researchers—is having proper security for the increasingly common use of SIP (session initiated protocol) trunks. These money-saving trunk deployments can save organizations money by "peering" the VoIP network with the carrier network. Rather than using the PSTN, the same connection is used for all communications.

"The openness and extensibility of SIP make it an attractive choice...torealize the promise of unified communications," says Kurapati. "Unfortunately, those very attributes make it attractive to the hacking community and increase the overall security risk."

For the past two years, Sipera Labs has released its "Top 5 VoIP Predictions," and SIP trunk security is at the top of the 2008 list. Other risks, says Sipera, include: third-party data services exploited for eavesdropping; hacking of Microsoft OCS unified communications connections to instant messaging, e-mail, and buddy lists; increased hacker "vishing" attempts, particularly bank accounts; and attacks on UMA [unlicensed mobile access] features that make it easier for hackers to spoof identities and use illegal accounts.

Kurapati urges VoIP deployers, "To fully realize the potential of a unified communications (UC), organizations need to implement up-to-date security best practices, and proactive UC secu-rity and system monitoring."


Short runs...

ST LOUIS, MO—Belden (www.belden.com) plans to acquire WLAN equipment and management software provider Trapeze Networks as part of a goal of being "a complete signal transmission solutions provider." "We believe the acquisition uniquely positions Belden to offer our enterprise customers tailored connectivity solutions that benefit from blending the strengths of copper, fiber, and wireless technologies," says Belden president and CEO John Stroup. The $133 million cash acquisition, Stroup adds, "will make Belden the world's largest unified wired and wireless solutions provider, and will provide expanded market access to Trapeze Networks' Smart Mobile solutions."

STAMFORD, CT—RHINO Professional Labeling Tools (www.rhinolabeling.com) has formed a strategic partnership with connectivity manufacturer Leviton Network Solutions (www.leviton.com/networksolutions) to provide RHINO with a new avenue for reaching customers in the telecom/datacom markets. As part of the relationship, Leviton will recommend RHINO products for use in labeling Leviton panels, enclosures, wall places, QuickPort housings, and patch cords. A Quick Reference guide will help customers choose the correct settings on RHINO products to create labels for use with specific Leviton products.

ARLINGTON, VA—Ellen Farmer has joined the Telecommunications Industry Association (TIA; www.tiaonline.org) in the new position of Environmental Program Manager, overseeing the organization's recently acquired EIATRACK environmental informational alert regulatory tracking service as well as TIA's global "green" program. Previously, Farmer was a consultant and researcher at Booz Allen Hamilton, where she focused on the EPA's Superfund and the U.S. Postal Service's energy efficiency program.

TOKYO—Hitachi Systems & Services (HSAS), a reseller for Aruba Networks (www.arubanetworks.com), recently deployed an all-wireless network at its Omori Building here. The new 12-floor facility enables employees to work from any workspace using an open-plan hoteling arrangement instead of relying on assigned offices. Wi-Fi data and voice communications are used in lieu of fixed cabling. Doing away with the fixed corporate LAN data and phone cabling to desks, says HSAS officials, eliminates the costs associated with frequent personnel relocations and changing workgroup layouts, and a lower cost of ownership.

More in IP Security & AV