Voice in a packet. What will they think of next?
Multiservice access technologies combine several types of communication categories (data, voice, and video) over one transmission line. This provides higher performance, reduced operational costs, and greater flexibility, integration, and control for administrators.
The regular phone system is based on a circuit-switched, voice-centric network, referred to as the public-switched telephone network (PSTN). The PSTN uses circuit switching instead of packet switching. When a phone call is made, the call originates at the user's interface to the PSTN, the telephone, which is connected to the telephone company's local loop via copper wiring. Once the signals for the call reach the telephone company's central office (the end of the local loop), they enter the telephone company's circuit-switching world. A circuit is set up between the source and the destination, and for as long as the call is in session the voice traffic flows through the same switches. Setting up the connection, controlling the signaling, and tearing down the session are handled by the Signaling System 7 (SS7) protocol. Voice over IP (VoIP) uses the Session Initiation Protocol (SIP) to set up and tear down call sessions, just as SS7 does for non-IP calls. SIP is an application layer protocol that can run over TCP or UDP (and over TLS when the signaling itself needs protecting). SIP provides the signaling foundation for the phone-line features that SS7 provides, such as causing a phone to ring, dialing a number, and generating busy signals; the voice itself is carried separately, in Real-time Transport Protocol (RTP) packets.
The PSTN is being replaced by data-centric, packet-oriented networks that can support voice, data, and video. The new VoIP networks use different switches, protocols, and communication links. This means VoIP has to go through a tricky transition stage that enables the old systems and infrastructures to communicate with the new systems until the old systems are dead and gone.
High-quality compression is used with VoIP technology, and endpoints are identified by IP addresses and SIP addresses rather than by phone numbers, which are mapped onto them. This gets around some of the barriers present in the PSTN today, where the interface devices (telephones) have fixed, embedded functions and logic, so that offering a new service the network as a whole could support means changing the devices. In VoIP, the interface to the network can be a computer, server, PBX, or anything else that runs a telephone application. This provides more flexibility when it comes to adding new services and puts a lot more control and intelligence in the interfacing devices.
Because this is a packet-switched technology, latency (delay) is possible, and because packets do not all take the same amount of time to arrive, the delay varies from packet to packet. This manifests as longer pauses within a conversation and a slight loss of synchronicity between the two parties. When someone using VoIP for a phone call experiences these lags, it means the packets holding the other person's voice were queued somewhere within the network and are on their way. The variation in delay is referred to as jitter. Endpoints absorb it with a jitter buffer, which holds arriving packets briefly before playing them out, and quality-of-service mechanisms in the network keep delay and jitter low enough to provide a continuous telephone-call experience.
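To make the jitter point concrete, here is an added example (not code from the original page) that computes the interarrival jitter estimator defined in RFC 3550 for an RTP voice stream and then shows what a fixed jitter buffer does with packets that were held up in a queue. The packet timings, the 8 kHz clock and the 20 ms packet interval are constructed for the example; they match G.711 voice but are not taken from the page.

```python
# Added example: RFC 3550 interarrival jitter for an RTP voice stream, plus a
# fixed-delay jitter buffer deciding which late packets can still be played.
# CLOCK_HZ and PTIME_MS are assumptions (G.711, 20 ms packets); the arrival
# times below are constructed, not captured.

CLOCK_HZ = 8000          # RTP clock rate for G.711 (assumption for the sample)
PTIME_MS = 20            # packet interval in milliseconds

def rfc3550_jitter(packets):
    """packets: list of (rtp_timestamp_ticks, arrival_time_ms).
    Returns the running jitter J (in RTP ticks) after each packet, using
    the estimator from RFC 3550 section 6.4.1:
        D(i-1,i) = (R_i - R_{i-1}) - (S_i - S_{i-1})
        J_i      = J_{i-1} + (|D(i-1,i)| - J_{i-1}) / 16
    where S is the sender timestamp and R the arrival time in RTP ticks."""
    jitter = 0.0
    history = []
    prev = None
    for ts, arrival in packets:
        arrival_ticks = arrival * CLOCK_HZ / 1000.0   # ms -> RTP ticks
        if prev is not None:
            prev_ts, prev_arr = prev
            d = (arrival_ticks - prev_arr) - (ts - prev_ts)
            jitter += (abs(d) - jitter) / 16.0
        history.append(jitter)
        prev = (ts, arrival_ticks)
    return history

def playout(packets, buffer_ms):
    """Fixed playout delay: packet i is played at first_arrival + buffer_ms
    plus its timestamp offset from the first packet. A packet that arrives
    after its slot is discarded, which the listener hears as a dropout.
    Returns (played, late) lists of RTP timestamps."""
    first_ts, first_arr = packets[0]
    played, late = [], []
    for ts, arrival in packets:
        slot = first_arr + buffer_ms + (ts - first_ts) * 1000.0 / CLOCK_HZ
        (played if arrival <= slot else late).append(ts)
    return played, late

# Constructed sample: ten 20 ms packets; packets 4 and 5 sit in a queue
# somewhere in the network and arrive late, then the stream recovers.
TICKS = PTIME_MS * CLOCK_HZ // 1000            # 160 ticks per packet
SAMPLE = [(i * TICKS, i * PTIME_MS) for i in range(10)]
SAMPLE[4] = (4 * TICKS, 4 * PTIME_MS + 70)     # 70 ms late
SAMPLE[5] = (5 * TICKS, 5 * PTIME_MS + 55)     # 55 ms late

if __name__ == "__main__":
    j = rfc3550_jitter(SAMPLE)
    print("jitter after each packet (ms):", [round(x * 1000 / CLOCK_HZ, 2) for x in j])
    for buf in (20, 60, 80):
        played, late = playout(SAMPLE, buf)
        print(f"{buf} ms buffer: played {len(played)}, dropped {len(late)}")
```

The trade-off the page alludes to is visible in the last loop: a 20 ms buffer drops both delayed packets, 80 ms plays everything but adds 80 ms of end-to-end delay to every word. The jitter value itself is what RTCP receiver reports carry, so it is also the number a monitoring system would graph.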
Four main components are needed for VoIP: an IP telephony device, a call-processing manager, a voicemail system, and a voice gateway. The IP telephony device is just a phone that has the necessary software to work as a network device. Traditional phone systems require a "smart network" and a "dumb phone." In VoIP, the phone must be "smart" by having the software to take analog signals, digitize them, break them into packets, and build the headers the packets need to find their destination. The call-processing manager (in a SIP deployment, the proxy, registrar, or IP PBX) handles call setup, routing, and teardown signaling between the endpoints. The voicemail system is a storage place for messages and provides user directory lookups and call-forwarding functionality. A voice gateway routes packets between the VoIP network and legacy voice systems such as the PSTN or an analog PBX, and provides backup calling paths when the IP network is unavailable.
When a user makes a call, his "smart phone" sends a message to the call-processing manager to indicate a call needs to be set up. When the person at the destination takes her phone off the hook, this notifies the call-processing manager that the call has been accepted. The call-processing manager notifies both the sending and receiving phones that the channel is active, and the voice data then flow back and forth between the two phones over the ordinary data network.
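The exchange described above, written out as SIP messages and driven through a small dialog tracker, as an added example that is not part of the original page. The addresses, tags, branch and Call-ID values are made up, and the messages are trimmed to the headers a dialog tracker actually needs; a real INVITE also carries an SDP body describing the RTP media.

```python
# Added example: SIP call setup and teardown (INVITE -> 100 -> 180 -> 200 ->
# ACK, then BYE -> 200) parsed and tracked by Call-ID and CSeq.
# All addresses, tags and Call-ID values below are constructed.

import re

def parse_sip(raw):
    """Split a SIP message into (start_line, headers dict, body).
    Header names are case-folded; for a repeated header the first value
    wins, which is enough for dialog tracking."""
    head, _, body = raw.replace("\r\n", "\n").strip("\n").partition("\n\n")
    lines = head.split("\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), value.strip())
    return lines[0], headers, body

def classify(start_line):
    """Return ('request', METHOD) or ('response', status_code)."""
    m = re.match(r"SIP/2\.0 (\d{3}) ", start_line)
    if m:
        return "response", int(m.group(1))
    return "request", start_line.split(" ", 1)[0]

class Dialog:
    """Tracks one call identified by its Call-ID.
    States: idle -> inviting -> ringing -> answered -> established
            -> closing -> terminated (or straight to terminated on a 4xx+)."""
    def __init__(self):
        self.state = "idle"
        self.call_id = None
        self.invite_cseq = None

    def feed(self, raw):
        start, hdr, _ = parse_sip(raw)
        kind, what = classify(start)
        if self.call_id is None:
            self.call_id = hdr["call-id"]
        elif hdr["call-id"] != self.call_id:
            raise ValueError("message belongs to a different dialog")
        cseq_num, _, cseq_method = hdr["cseq"].partition(" ")
        if kind == "request" and what == "INVITE" and self.state == "idle":
            self.state, self.invite_cseq = "inviting", cseq_num
        elif kind == "response" and cseq_method == "INVITE" and cseq_num == self.invite_cseq:
            if what == 180 and self.state == "inviting":
                self.state = "ringing"          # far-end phone is ringing
            elif what == 200 and self.state in ("inviting", "ringing"):
                self.state = "answered"         # callee went off-hook
            elif what >= 400:
                self.state = "terminated"       # busy, not found, rejected...
            # 100 Trying and other 1xx leave the state unchanged
        elif kind == "request" and what == "ACK" and self.state == "answered":
            self.state = "established"          # RTP media may now flow
        elif kind == "request" and what == "BYE" and self.state == "established":
            self.state = "closing"
        elif kind == "response" and cseq_method == "BYE" and what == 200 and self.state == "closing":
            self.state = "terminated"
        return self.state

CALL_ID = "a84b4c76e66710@alice.example.com"   # constructed

def msg(start, cseq, to_tag=""):
    """Build a minimal SIP message for the constructed Alice -> Bob call."""
    return (f"{start}\r\n"
            f"Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK776\r\n"
            f"From: <sip:alice@example.com>;tag=1928301774\r\n"
            f"To: <sip:bob@example.com>{to_tag}\r\n"
            f"Call-ID: {CALL_ID}\r\nCSeq: {cseq}\r\nContent-Length: 0\r\n\r\n")

EXCHANGE = [
    msg("INVITE sip:bob@example.com SIP/2.0", "1 INVITE"),      # Alice dials
    msg("SIP/2.0 100 Trying", "1 INVITE"),                      # proxy is working on it
    msg("SIP/2.0 180 Ringing", "1 INVITE", ";tag=a6c85cf"),      # Bob's phone rings
    msg("SIP/2.0 200 OK", "1 INVITE", ";tag=a6c85cf"),           # Bob picks up
    msg("ACK sip:bob@192.0.2.20 SIP/2.0", "1 ACK"),             # Alice confirms
    msg("BYE sip:bob@192.0.2.20 SIP/2.0", "2 BYE"),             # Alice hangs up
    msg("SIP/2.0 200 OK", "2 BYE"),                             # Bob's phone confirms
]

def run_exchange(messages):
    """Feed the messages in order and return the state after each one."""
    d = Dialog()
    return [d.feed(m) for m in messages]

if __name__ == "__main__":
    for m, state in zip(EXCHANGE, run_exchange(EXCHANGE)):
        print(f"{m.splitlines()[0]:45} -> {state}")
```

Note what the tracker keys on: nothing in these messages is authenticated, so a third party who can see the Call-ID and CSeq can inject a BYE and drop the call, which is one reason the countermeasures below include authentication and encryption of signaling.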
Moving voice data through packets is more involved than moving regular data through packets. This is because data are usually sent in bursts, whereas voice is sent as a constant stream, and a delay in data transmission is not noticed nearly as much as a delay in voice transmission. VoIP technology and its supporting protocols have advanced to handle the bandwidth, delay variation (jitter), round-trip delay, and packet loss issues that voice transmission raises.
Using VoIP means a company has to pay for and maintain only one network, instead of one network dedicated to data transmission and another network dedicated to voice transmission. This saves money and administration overhead, but certain security issues must be understood and dealt with.
Attackers can intercept incoming and outgoing calls, carry out DoS attacks, spoof phone calls, and eavesdrop on sensitive conversations. Many of the countermeasures to these types of attacks are the same as those used with traditional data-oriented networks:
- Keep patches updated on each network device involved with VoIP transmissions:
  - The call manager server
  - The voicemail server
  - The gateway server
- Identify unidentified or rogue telephony devices
- Implement authentication so only authorized telephony devices are working on the network
- Install and maintain:
  - Stateful firewalls
  - VPN for sensitive voice data
  - Intrusion detection
- Filter unnecessary ports on routers, switches, PCs, and IP telephones
- Employ real-time monitoring looking for attacks, tunneling, and abusive call patterns through IDS/IPS
- Employ content monitoring
- Use encryption when data (voice, fax, and video) cross an untrusted network
- Use a two-factor authentication requirement
- Limit the number of calls via media gateways
- Close the media sessions after completion
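Three of the list items above (identifying rogue telephony devices, authentication of devices, and real-time monitoring for abusive call patterns) can be illustrated with a single pass over call-manager logs. The following is an added example, not code from the original page or from any particular call manager; the log line format, device identifiers, inventory and addresses are all invented for it.

```python
# Added example: detection logic over constructed call-manager log lines.
#  - rogue_device:    REGISTER from a device ID that is not in the inventory
#  - auth_bruteforce: repeated authentication failures from one source
#  - invite_flood:    INVITE rate from one source over a sliding window
# The "ts src=.. method=.. device=.. auth=.." format is invented here.

import re
from collections import defaultdict, deque
from datetime import datetime

LINE = re.compile(r"^(?P<ts>\S+) (?P<kv>.*)$")

def parse_line(line):
    """Return (timestamp, dict of key=value fields) for one log line."""
    m = LINE.match(line.strip())
    ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
    fields = dict(kv.split("=", 1) for kv in m.group("kv").split())
    return ts, fields

def analyze(lines, inventory, invite_limit=5, window_s=10, auth_fail_limit=3):
    """Walk the log once and return a list of (kind, detail) alerts in the
    order they fire. Thresholds are illustrative defaults, not tuned values."""
    alerts = []
    invites = defaultdict(deque)       # src -> arrival times of recent INVITEs
    flooding = set()                   # sources already reported, to avoid repeats
    auth_fail = defaultdict(int)       # src -> count of failed authentications
    for line in lines:
        ts, f = parse_line(line)
        src, method = f.get("src"), f.get("method")
        if method == "REGISTER" and f.get("device") not in inventory:
            alerts.append(("rogue_device", f"{f.get('device')} from {src}"))
        if f.get("auth") == "fail":
            auth_fail[src] += 1
            if auth_fail[src] == auth_fail_limit:
                alerts.append(("auth_bruteforce", src))
        if method == "INVITE":
            q = invites[src]
            q.append(ts)
            while (ts - q[0]).total_seconds() > window_s:   # drop old entries
                q.popleft()
            if len(q) > invite_limit and src not in flooding:
                flooding.add(src)
                alerts.append(("invite_flood",
                               f"{src} sent {len(q)} INVITEs in {window_s}s"))
    return alerts

# Constructed inventory of authorised phones and a constructed log excerpt.
INVENTORY = {"SEP001122334455", "SEP00AABBCCDDEE"}

SAMPLE_LOG = [
    "2024-03-01T09:00:00Z src=192.0.2.10 method=REGISTER device=SEP001122334455 auth=ok",
    "2024-03-01T09:00:01Z src=192.0.2.77 method=REGISTER device=SEP00DEADBEEF00 auth=ok",
    "2024-03-01T09:00:02Z src=192.0.2.10 method=INVITE to=sip:2002@corp.example auth=ok",
    # someone at an outside address repeatedly fails to register as a known phone
    "2024-03-01T09:00:05Z src=198.51.100.9 method=REGISTER device=SEP00AABBCCDDEE auth=fail",
    "2024-03-01T09:00:06Z src=198.51.100.9 method=REGISTER device=SEP00AABBCCDDEE auth=fail",
    "2024-03-01T09:00:07Z src=198.51.100.9 method=REGISTER device=SEP00AABBCCDDEE auth=fail",
] + [
    # eight INVITEs in eight seconds from one source: toll-fraud scan or DoS
    f"2024-03-01T09:01:{i:02d}Z src=203.0.113.5 method=INVITE to=sip:+1555000{i:04d}@gw auth=ok"
    for i in range(8)
]

if __name__ == "__main__":
    for kind, detail in analyze(SAMPLE_LOG, INVENTORY):
        print(f"{kind:16} {detail}")
```

The second case is worth a look: the device ID being presented is in the inventory, so an inventory check alone would pass it. Only the authentication result separates a real phone from someone reusing a known identifier, which is the practical reason the list pairs "identify rogue devices" with "implement authentication" rather than relying on either one.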
This is just one small technology that you need to understand for the CISSP exam. To learn and understand ALL of the topics covered on the CISSP exam, please review the following pages:
http://www.logicalsecurity.com/training
http://www.logicalsecurity.com/solution
http://www.logicalsecurity.com/cbt