Summary of site setup recommendations


In this section we list security-related issues to consider when deploying an H.323 service, in particular when joining the JANET H.323 service, using a studio system on the local campus.

Using the JVCS-IP

In the context of the JVCS-IP, that service will be responsible for:

  • MCU set-up at the JANET C-PoPs;
  • gatekeeper set-up at the JANET C-PoPs;
  • monitoring and security checks of the publicly accessible C-PoP H.323 devices;
  • informing users of the booking system of the importance of keeping private any booking information they see once logged in;
  • resilience to DoS attacks on the C-PoP-hosted H.323 components.

Responsibilities for sites connecting to the service include:

  • set-up, configuration and security checks of any site gatekeeper used;
  • set-up, configuration and security checks of any site proxy and/or firewall;
  • security of the site H.323 videoconferencing studio;
  • deployment of switched Ethernet paths to the studio and for network management;
  • physical security of the H.323 terminal;
  • lockdown of configuration options for the H.323 terminal;
  • ensuring any site gatekeeper is manually configured, not using multicast discovery;
  • liaising with the Regional Networks for QoS provision where required.

Further site-specific issues are described in Appendix A.

The JANET Videoconferencing Management Centre is responsible for performing site (studio) tests for quality assurance [JVCS-IP].

Risk assessment

The following table shows some recommendations and suggested risk assessment considerations. This is not an exhaustive list; sites should perform their own assessment exercises.

Figure 7: H.323 risk assessment threats
| Threat | Likelihood | Impact | Countermeasures |
|---|---|---|---|
| Theft of system | Low | High | Physical security, alarms, CCTV. |
| Unauthorised monitoring of an H.323 session | Low | Variable, depending on nature of conference | Use of encryption methods: e.g. H.235, VPNs, IPSec. Use of switched Ethernet. Do not publish future sessions. |
| Unauthorised joining in an H.323 session | Low | Variable, depending on nature of conference | Controls at the gatekeeper / MCU. Do not publish future sessions. |
| Network adaptor / cable problems causing poor performance | High | High | Test physical cabling. Check duplex / speed settings. |
| Gatekeeper ceases to function through hardware or failure | Low | High | Offer redundant gatekeeper devices to avoid single point of failure |
| User at client terminal is an imposter | Very low | Variable | Unlikely to be required as the person should be recognisable visually, so the threat is very low |