Inter-Tel AXXESS Manual page 1539

8. PUBLIC (UNTRUSTED) NETWORKS
8.1 The private networking scenarios discussed in "Private (Trusted) Networks" on
7 impose very few restrictions on the topology of the IP telephony equipment because there are
no security barriers between devices. However, one of the major benefits of IP telephony is the
ability to leverage the existence of large public IP networks (for example, the Internet) to
extend the communication network. Using public (untrusted) networks requires security mea-
sures to protect the private (trusted) network. This protection is usually provided through a
firewall. Unfortunately, the functionality provided by a firewall impedes the communications
necessary for IP telephony.
8.2
To use the public network in safe manner, it is necessary to provide some protection
while allowing the necessary communications. In network terminology, this is usually config-
ured using a topology known as a DMZ (DeMilitarized Zone)
accessible from the Internet in very specific ways according to the source and destination
addresses and the applications that they support. However, the devices in the DMZ have very
limited access into the private LAN to protect it should these devices be compromised. Devices
in a DMZ network generally include Web servers, mail servers, etc.
5. Note that many home router/firewalls (e.g., Linksys) inaccurately use the term DMZ to describe
something else: an internal host accessible at a public address. This document uses the term DMZ
as described in the definitions section (see
Public (Untrusted) Networks
® ®
INTER-TEL AXXESS MANUAL VERSION 11.0 – May 2008
page F-2).
Appendix F – Network Topology
5
. Devices in a DMZ network are
Page F-9
page F-