Ron Blizzard wrote:
On Wed, Sep 30, 2009 at 5:15 PM, Brian Mathis brian.mathis@gmail.com wrote:
"Not connected to the Internet", and "not connected to a LAN" are very different things. I doubt VOIP would work if the server was not connected to a LAN. There could be quite a few things on the LAN, depending on it's size, such as viruses, malware, and even users doing scans of the network. Don't assume that "out there" is insecure, and "in here" is secure. That's one of the biggest mistakes to make when creating a secure environment.
You're right. I was thinking like a phone tech -- that the VOIP system's wiring was still separate from the regular LAN.
Just to set your minds at ease (or not). I have a separate D-Link switch that does PoE (to power the snom phones) and vlans and set it up so that all the phones are on one vlan called VOIP. The * server single eth0 is also on this vlan, but does also belong to the rest of the office on another vlan called LAN. So - the snom phones (linux based) can only see the * server. The * server can see the rest of the LAN - so in theory anyone on the local LAN can scan and see the CentOS based * server. We are however a very small office and I get to see all connected PCs in action. As I have some questions about SIP security I was not prepared to have the snom phones in any way being accessible to / from the LAN (let alone the internet). Tks for comments and suggestions. Rob