Security incidents are a complete disruption of my normal day-to-day activities. I love them. I especially like it when they uncover systemic problems we might not otherwise have found out about. We had one of those this week.
Stories by Mathias Thurman
For several years, my company used Microsoft's Point-to-Point Tunneling Protocol (PPTP) to provide remote users with VPN access to corporate resources. This worked well, and almost all employees who had PPTP permissions were comfortable with this method. But after several security problems with PPTP were reported, we decided about a year ago to deploy virtual private network concentrators from Cisco Systems at all of our core points of presence.
In an effort to cut costs, my company has decided to migrate from private branch exchanges to IP telephony. By routing calls over our existing IP network and using voice-over-IP links, we can significantly cut our telecommunications costs, especially since we have significant telephone traffic between our U.S. offices and places like Europe and India, as well as other parts of Asia.
The bottom line, however, is that we'll have phones on our desks that are connected to the network. And that means securing the telephone network will become my problem.