How to ensure reliability in your organization’s voice/data network

Paul Kirvan, board member of the Business Continuity Institute’s (BCI) U.S. chapter, discusses some best practices in securing your organization’s voice/data network.

Paul Kirvan, CISA, CSSP, FBCI, CBCP, board member of the Business Continuity Institute’s (BCI) U.S. chapter, discusses some best practices in ensuring reliability in your organization’s voice/data network. Learn how to improve reliability in your network, what security issues exist, as well as some tips on protecting your network’s infrastructure. Listen to our latest podcast on voice/data networks or read the transcript below.

How do you ensure reliability in a voice/data network, say for example, during a power outage that would not normally affect traditional phone lines?

Interestingly, a private voice/data network has a very good chance of being run over what might be called “traditional” phone lines. Access from a local telephone company exchange to a company is likely to be over either copper or fiber-optic facilities provided by the local telephone company. Even Internet access is likely to be provided over telco-provided lines, despite the perception that the Internet is a unique entity. While it’s true that a major power outage could disrupt networks inside the organization, especially if the access equipment is not on a battery backup or UPS arrangement, the likelihood of a telco-centered power outage is much less.

Since voice/data networks today are comprised of many segments that can be provided by multiple carriers, the chances of a power outage affecting network performance are increased simply by the number of players. A few techniques to ensure resilience include 1) installing a diversely-run local access network to a different local telco, with no overlapping cable routes and manholes; 2) using free-space communications, such as point-to-point microwave to bypass the local loop; 3) obtaining service from multiple service providers so there is a backup carrier available; and 4) obtaining service via a fiber optic ring, such as SONET, that has multiple access points and higher redundancy.

How concerned should users of VoIP be about security, particularly the chance of someone listening in on voice calls, etc.?

In the days of traditional PBX or Centrex systems, the voice network was physically separate from any data networks. Today, with voice/data communications assets occupying the same network infrastructure, security is a big issue. Chances of unauthorized access to a VoIP system are comparable to those of a data network infrastructure. Thus, the same network protection schemes, such as firewalls, non-porous perimeters, intrusion prevention systems, antivirus/anti-spam software, running VoIP on separate subnets that do not overlap with existing data nets, should be used to prevent unauthorized entry into a VoIP infrastructure.

What kind of IT infrastructure is needed for a robust voice/data network?

If money is no object, a fully-meshed network is an ideal configuration. Diversely run network segments, e.g., going in different physical paths; and cross-connections to multiple, backed-up routers and switches, are another approach. Backup power systems for all critical infrastructure hardware are essential. Locating network equipment in secure equipment areas is important. It may be useful to utilize managed network services from experienced third-party firms as a supplement to the primary network. Even cloud-based network services could be a viable approach.

What are some quick and easy tips to protect voice/data network infrastructures?

Wherever possible, have backup network components, such as switches and routers. Build an inventory of spare parts and other relevant components, including routers, hubs, circuit boards and power supplies. Regularly rotate the spare parts and backup components into the operating network to ensure they work properly, and tag them accordingly. Test network recovery and re-routing services to ensure they work properly. Don’t assume the “telephone company” will take care of failed network components. Those days are long gone, and it’s now the user’s responsibility to ensure network resilience.

What are some tips to protect legacy (e.g., non-VoIP) PBX systems?

Ensure that backup battery systems are working properly and are tested regularly, e.g., at least twice a month. Ensure that UPS equipment is regularly tested and backup systems are available. Periodically open the equipment cabinets and vacuum out the dust and other potentially damaging contaminants. Consider the secondary market, e.g., used equipment market, for obtaining spare phones, circuit boards, power supplies, cable and connectors and other necessary devices. Why pay full price? If the phone system is ten years old or older, you may not be able to get spares except through the secondary market. Test spare circuit boards at least twice annually; connect them into the live system to ensure they work properly, and tag them as to the date tested and results.

How do you build a disaster recovery plan for voice/data infrastructure assets?

The voice/data network DR plan development process is largely the same as for any server, data center, HVAC system, power supply or other component. Conduct a business impact analysis to identify the most important business activities supported by the networks; conduct a risk assessment to determine the threats to and vulnerabilities of the network. Devise strategies, such as reconfiguring the network design, to make the network more resilient. Develop plans that address recovery and restoration of critical network assets. Work closely with your equipment vendors and network service providers to determine what emergency arrangements they have to minimize network downtime. Obtain detailed step-by-step technical procedures you get from vendors, such as system restarts and database reloads, and incorporate them into the DR plan. Review your DR plans with vendors and carriers to validate your recovery procedures. Review and update the plans at least annually, or certainly when a major change to the network infrastructure occurs, such as upgrading of routers or switches. Exercise the recovery processes at least twice a year, if not more frequently.

The Business Continuity Institute (BCI) was established in 1994 to help individual members obtain guidance and support from fellow business continuity practitioners. The BCI currently has 5000+ members in 90 countries. Professional membership of the BCI provides internationally recognized status as this valued certification demonstrates a member’s competence to carry out business continuity management (BCM) to a consistent high standard. The wider role of the BCI, and the BCI's USA Chapter, is to promote the highest standards of professional competence and commercial ethics in the provision and maintenance of business continuity planning and professional services.
