BCM50 Remote IP Sets - VPN or not to VPN?

(OP)
Hi all,

The medical clinic where I manage a BCM50 R6 (fully patched) has asked me to look into setting up remote IP sets that employees can use from their homes.

I have some spare i2004 sets lying around and with the Remote Worker/NAT Traversal feature, this seems relatively straightforward to set up. However... using the Remote Worker feature instead of a VPN would mean that voice traffic is unencrypted, and given that this is a medical clinic, calls over IP sets would involve confidential information.

My aim is not to install an IP set solution that would compromise confidentiality, but I'm trying to understand if using the Remote Worker feature is any more risky from a security standpoint than having a confidential discussion over a POTS line (which the clinic already uses several of).

Have any of you vendors/installers used the Remote Worker setup for businesses where confidentiality is important (medicine, law, etc.), or do you have another preferred method for connecting remote IP sets to the BCM? I'm curious to hear some perspective on this...

Thanks!
Matteo

RE: BCM50 Remote IP Sets - VPN or not to VPN?

I have never had those types of clients worry or ask about it.

From what I understand but could be wrong with some of this....

Remote Worker has its own tunnel (IP set to the BCM) via UDP ports.
When the port is forwarded the router excuses itself from intervention, like bridging your internet modem.

VPN would only be protecting/encrypting the call between the IP set and the BCM, not calls out on the BCM's trunks.

IP Sets are still digital between set and BCM

A hacker would have to:
1. Know the public IP of one of the sites, be it BCM or the user's home/office.
2. Tap into the connection/router/network
3. Put a sniffer on the connection (Wireshark etc.)
4. Know which RDP packets to capture and decipher
5. If it's a hacker who is after info on a specific person or event, then would they even know who is talking to who or what they are really talking about?

If anything I would say any paranoia should be focused on the voip trunk maybe.
I read if the police wanted to "wiretap" a voip line then the carrier would put a temp conversion from RDP to analog lines, then back to RDP etc, so the police would wiretap the temp analog lines.

If the remote routers are set up as VPN to the main office then you probably only need to enter the local IP of the BCM into the set config, but that is just an assumption as well.

Maybe/hopefully more phone nerds will reply since this is not my forte.

=----(((((((((()----=
www.curlycord.com
Toronto, Canada

RE: BCM50 Remote IP Sets - VPN or not to VPN?

(OP)
Thank you for your input cc.

What you explained makes sense to me. As of now, I'm likely going to choose to go ahead with the Remote Worker setup. If anyone else has something to add, I welcome any other feedback.

Matteo

RE: BCM50 Remote IP Sets - VPN or not to VPN?

i am being asked to deploy 2 of these setups, and i don't think i've done it for about 2 years so i'm trying to come back up to speed. my 2 clients use 1140e with latest firmware (that i know of) and i'm putting in a separate xDSL for these projects, only because i don't control network access. as for wiretaps of voip stuff, i'm a little dated on what's current but i do remember lawful intercept had to be on every north american network (IP, voip, cell, etc) new and existing by 2008, i lost track of the legislation shortly after 2012

now to re-read up on remote worker :)

thanks for your reply CC

rr
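
The question this thread turns on is whether Remote Worker media is readable on the wire while a VPN hides it. The check below can be run against a capture taken on your own WAN link; it is an added example, not code from any poster or from the vendor. It assumes the sets send G.711 over RTP, which the thread does not state, and the function names, entropy threshold and sample flows are constructed for illustration.

```python
import hashlib
import math
import struct
from collections import Counter

G711_PAYLOAD_TYPES = {0, 8}  # PCMU, PCMA: static RTP payload types (RFC 3551)

def parse_rtp(udp_payload):
    """Return (payload_type, media_bytes), or None if this is not RTP version 2."""
    if len(udp_payload) < 12:
        return None
    b0, b1, _seq, _ts, _ssrc = struct.unpack("!BBHII", udp_payload[:12])
    if b0 >> 6 != 2:
        return None
    offset = 12 + 4 * (b0 & 0x0F)             # skip the CSRC list
    if b0 & 0x10:                             # header extension present
        if len(udp_payload) < offset + 4:
            return None
        offset += 4 + 4 * struct.unpack("!H", udp_payload[offset + 2:offset + 4])[0]
    return b1 & 0x7F, udp_payload[offset:]

def entropy_bits(data):
    """Shannon entropy in bits per byte (8.0 is the maximum)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify_flow(udp_payloads, threshold=7.5, min_bytes=1024):
    """Classify the UDP payloads of one flow captured on your own WAN link."""
    media = bytearray()
    for payload in udp_payloads:
        parsed = parse_rtp(payload)
        if parsed is None or parsed[0] not in G711_PAYLOAD_TYPES:
            return "no-visible-g711-rtp"      # e.g. traffic inside a VPN tunnel
        media += parsed[1]
    if len(media) < min_bytes:
        return "insufficient-data"
    # Assumed heuristic: G.711 audio is far from uniform; ciphertext is not.
    return "cleartext-g711" if entropy_bits(media) < threshold else "encrypted-media"

# Constructed sample flows (not captured traffic), 20 packets of 160 bytes each.
def _rtp(seq, media):
    return struct.pack("!BBHII", 0x80, 0, seq, seq * 160, 0x1234ABCD) + media

def _random_like(seq):
    return b"".join(hashlib.sha256(bytes([seq, i])).digest() for i in range(5))

TONE = bytes(128 + round(40 * math.sin(2 * math.pi * i / 20)) for i in range(160))
CLEAR_FLOW = [_rtp(s, TONE) for s in range(20)]
SRTP_LIKE_FLOW = [_rtp(s, _random_like(s)) for s in range(20)]
TUNNELLED_FLOW = [_random_like(s) for s in range(20)]
```

A result of `cleartext-g711` on the WAN side means the audio is recoverable by anyone on the path; compressed codecs would need a different test, since their payloads are high-entropy even when unencrypted.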
