Many thanks to all those who attended the VoIP provisioning workshop at the offices of Associate Member Preiskel & Co LLP on Thursday 8th
May. Provisioning may seem a pretty mundane subject but it is one that is of critical importance to our industry. Peter Cox (UM Labs) first set the workshop in context, outlining the reason why ITSPA members had raised this issue of importance in recent months. Following a presentation last year by a community blogger, which highlighted concerns and security risks around auto provisioning, ITSPA agreed it would be useful to discuss potential best practice as well as solutions for the industry to work together around. Peter showed how easy it was for potential attackers to obtain sensitive information via provisioning servers which had not been authenticated. This opened up vulnerabilities around misusing this data either via impersonating phones, re-directing inbound calls, call fraud and possible DoS attacks. Peter reiterated his belief that certificate authentication was the way forward.Tim Bray (ProVu) then followed up with his general advice around the security risks, the mitigation strategies and potential authentication strategies. He also outlined a draft Best Practice Document which he had worked on, following discussion with members of the ITSPA Operations Group around provisioning. This was discussed at length by the attendees and there was agreement that the document was of help to the membership going forward - the general consensus was that Certificate authentication was the way things were going and it would be helpful to move in that direction as quickly as possible across the industry. The vendors who attended the event were also interested in working with the ITSPs to help implement the best practice. The draft document will be completed in the next few weeks and then published for the membership.Should you wish to receive copies of the slide decks, please contact the ITSPA team.
The ITSPA Provisioning Workshop