Voice over IP – the transmission of voice over packet-switched IP networks – is one of the most important emerging trends in telecommunications. As with many new technologies, VOIP introduces both security risks and opportunities. VOIP has a very different architecture than traditional circuit-based telephony, and these differences result in significant security issues. Lower cost and greater flexibility are among the promises of VOIP for the enterprise, but VOIP should not be installed without careful consideration of the security problems introduced. Administrators may mistakenly assume that since digitized voice travels in packets, they can simply plug VOIP components into their already-secured networks and remain secure. However, the process is not that simple. This publication explains the challenges of VOIP security for agency and commercial users of VOIP, and outlines steps needed to help secure an organization’s VOIP network. VOIP security considerations for the public switched telephone network (PSTN) are largely outside the scope of this document.
VOIP systems take a wide variety of forms, including traditional telephone handsets, conferencing units, and mobile units. In addition to end-user equipment, VOIP systems include a variety of other components, including call processors/call managers, gateways, routers, firewalls, and protocols. Most of these components have counterparts used in data networks, but the performance demands of VOIP mean that ordinary network software and hardware must be supplemented with special VOIP components. Not only does VOIP require higher performance than most data systems, critical services, such as Emergency 911 must be accommodated. One of the main sources of confusion for those new to VOIP is the (natural) assumption that because digitized voice travels in packets just like other data, existing network architectures and tools can be used without change. However, VOIP adds a number of complications to existing network technology, and these problems are magnified by security considerations.
The attached Zip file includes:
• Intro Page.doc
• Cover Sheet and Terms.pdf
• Security Considerations for Voice Over IP Systems.pdf
Related Knowledge Network Content
All About Reducing Your IT Costs
Looking to cut costs? Use this research-driven Excel tool to pinpoint which IT cost reduction measures best fit your needs.
ITIL V3 Foundation - Complete Certification Kit
Enhance your IT career by getting your ITIL Foundation Certificate. It's fast and easy with this complete resource. The 186-page eBook and companion online training course is guaranteed to help you pass the ITIL exam.
Since this document has the word “security” in the title, I will start there. I will cover performance at the end of my rant. First, this is still IP. It still relies on the same fundamental principles that allow all packets to travel from point A to point B. People have been using IPSEC tunnels in combination with VoIP for over a decade. Current technologies demonstrate that VoIP traffic can be secured using SSL VPN’s in support of mobile users. Unified Threat Management (UTM)appliances can guard your ingress and egress points by applying statefull packet inspection, IPS, Anti Viri and anti Malware scans as well as application layer firewalling. Long story short, apply the same security practices on VoIP data as you do any other types of data. Even stronger security controls should be applied to your mobile workforce or extranet partners.
Now for performance. Buy security devices that can keep up with your traffic and aid in “prioritizing’ VoIP traffic. Application aware UTM devices have the ability to provide QOS and “traffic-shaping” services. Remember, uptime is related to performance. The ability to dial 911 is dependent on uptime.
To be successful in securing VoIP traffic you need to follow, one of my favorite terms, “best practices”. . I like ISO, NIST, COBIt and other types of frameworks and guidelines. It comes down to what flavor of regulatory compliance or business governance you live by. You will need to define your objects, apply your controls and monitor.