Summary of Questions Posed by Webinar Attendees

VoIP Security…Delivered

Summary of Questions Posed by Webinar Attendees

The AT&T VoIP Security Architecture utilizes AT&T security innovations and other IP and telephony security procedures and best practices. TheAT&T Wholesale and pulvermedia™ co-sponsored webinar held on February 27, 2008 focused on security threats to today’s VoIP environment and how AT&T is effectively addressing them.

Questions posed by webinar attendees are addressed below:

1.Q:Are the border elements handling both signaling and media in the same platform or are they separate?

A: The border elements handle both signaling and media on the same platform.

2. Q: Are you giving all customers a VPN? even for a single site customer?

A: All customers are provisioned onto the hub and spoke MPLS VPN. On this VPN, they can only reach the border domain.

3. Q: Could you go over one more time about endpoint security?

A: Think of VoIP endpoints as computers; in the case of VoIP softphones, they actually are computers. Companies need to takesteps to protect endpoints as they do computers, i.e., to harden endpoints against security vulnerabilities. First and foremost, endpoints should be assessed to make certainthat access is limited to authenticated and authorized personnel.

4. Q: Do you support encryption for either signaling or media for confidentiality?

A: AT&T does not support encryption,with the exception of the AT&T Voice DNA service. This offer provides a remote worker feature that allows users to come to AT&T over their own broadband connection. In general, AT&T relies on the security of MPLS VPNs to protect traffic signaling and media for confidentiality.

5. Q: How do you protect end user traffic from end-to-end?

A: AT&T protects end users’ traffic once the traffic is on AT&T's network. End users must protect traffic within their own enterprise network.

6. Q: How is anInternet facing phone supported?

A. An Internet-facing phone should be protected using the methods described in the answer to question 3 above.

7. Q:If routing tables only allow certain connections, why do you need VPNs?

A: The routing tables are a part of the MPLS VPN, which provides more functionality than just allowing certain connections.

8. Q:As MPLS allows prioritization of packets, is a VPN's purpose for security only?

A: MPLS is used to provide both security and Quality of Service (QoS)

9. Q:The use of MPLS VPNs workswell for business VOIP service protection. What would the speaker suggest for the best security protection for residential / consumer or tele-worker VOIP applications where using MPLS VPNs to the customer is not practical from a cost perspective?

A: Enterprises can provide tele-workers with encryption technology via AT&T Voice DNA service which offers a remote worker feature that allows users to access VoIP services over their own broadband connection. In general, AT&T relies on the security of MPLS VPNs to protect traffic signaling and media for confidentiality.

10. Q:What is the speaker's opinion on the SIP Forum's SIP Connect program?

A: AT&Tscientists and engineers from AT&T Labs work directly within the SIP Forum, helping to define all aspects of the SIP protocol and programs.

12. Q:What security measures (IPsec, TLS, etc.) do you use to secure signaling traffic between CPE and AT&T’s network?

A: Typically, the connection between the CPE and the edge of the AT&T network uses a secure method of transport such as AT&T’s private line service. Once the traffic is on the core AT&T network, it is secured using MPLS VPNs.

10/12/20181