966 KB | 3 files | PDF, DOC
Just because voice data travels in packets doesn't mean that your current IT network can handle the QoS needed to support latency-sensitive applications. This research note covers the myriad networking issues associated with VoIP.
Voice over IP — the transmission of voice over packet-switched IP networks — is one of the most important emerging trends in telecommunications. As with many new technologies, VOIP introduces both security risks and opportunities. VOIP has a very different architecture than traditional circuit-based telephony, and these differences result in significant security issues. Lower cost and greater flexibility are among the promises of VOIP for the enterprise, but VOIP should not be installed without careful consideration of the security problems introduced. Administrators may mistakenly assume that since digitized voice travels in packets, they can simply plug VOIP components into their already-secured networks and remain secure. However, the process is not that simple. This publication explains the challenges of VOIP security for agency and commercial users of VOIP, and outlines steps needed to help secure an organization's VOIP network. VOIP security considerations for the public switched telephone network (PSTN) are largely outside the scope of this document.
VOIP systems take a wide variety of forms, including traditional telephone handsets, conferencing units, and mobile units. In addition to end-user equipment, VOIP systems include a variety of other components, including call processors/call managers, gateways, routers, firewalls, and protocols. Most of these components have counterparts used in data networks, but the performance demands of VOIP mean that ordinary network software and hardware must be supplemented with special VOIP components. Not only does VOIP require higher performance than most data systems, critical services, such as Emergency 911 must be accommodated. One of the main sources of confusion for those new to VOIP is the (natural) assumption that because digitized voice travels in packets just like other data, existing network architectures and tools can be used without change. However, VOIP adds a number of complications to existing network technology, and these problems are magnified by security considerations.
The attached Zip file includes:
The Framework enables organizations – regardless of size, degree of cybersecurity risk, or cybersecurity sophistication – to apply the principles and best practices of risk management to improving the security and resilience of critical infrastructure. ... More >>
This document provides Federal agencies with a definition of attribute based access control (ABAC). ABAC is a logical access control methodology where authorization to perform a set of operations is determined by evaluating a variety of attributes. ... More >>
This excerpt from chapter 7 provides an overview of cellular networks, LANs, PANs, WLAN security, and best practices for mobile device security. ... More >>