What are the unique issues in endpoint security in a converged network?
There aren't really any unique issues, however, there are still issues. Issues around device authentication to the network and user authentication to the application environment.
There are issues around privacy in terms of the cost/benefit. There are performance issues. If you've ever complained about the slowness of credit card processing servers, or websites that use https:// in their URLs, you feel the impact pretty dramatically. This extra processing step introduces latency into the RTP stream and may impact user satisfaction and end device cost. High satisfaction and high privacy is possible, but at what end device cost?There are issues with encryption interoperability (obviously both ends of the RTP stream have to have the appropriate key to encrypt/decrypt), and the spare processing power to do so.
There are issues around service availability. For any device that holds an IP address, or is in the packet flow, the sustained loads generated by insidious attacks such as Distributed Denial of Service attacks, can cause restart, serious service quality degradations and non-availability. Problems that in telephony systems can be serious for public safety and business continuity.
There are also issues around client software (soft phones) authentication. For example, 3Com LAN switches can detect the MAC addresses for any 3Com IP phone and can automatically (it's a configurable option) insert that IP phone into the voice vLAN. However, if you plug the PC into the back of the phone (there's a 2-port switch there – one to plug the phone into the wall and the other for another device), the MAC address of the PC is not in the same range as the IP phones, and so the PC is not automatically placed in the voice vLAN.
Even if you insert the PC into the voice vLAN manually, how does that affect the email or SAP or web browsing performance and security?
So, how does the industry solve this opportunity?