VoIP Security: Sweat It, at Least a Little Bit

Carl Weinschenk
Slide Show

Five Things You Need to Know About VoIP

The top five things you might not be aware of, but should know when it comes to VoIP.

The common wisdom is that everything gets better with IP in general and VoIP in particular. VoIP, proponents say, is cheaper, more flexible and generally better.

Common wisdom is common because it is correct almost all the time. But there are exceptions. One of these, according to Irwin Lazar, vice president and service director for Nemertes Research, is that security is more of a challenge in VoIP than in the antiquated time-division multiplexing (TDM) world.

Lazar explains the challenges of VoIP security well. One issue is that Session Initiation Protocol (SIP) trunking transitions everything into the IP domain. The inherent safety of using two different networking protocol-IP and TDM-therefore is absent.

A second trend that is eroding security is the growth of unified communications (UC). The cloistering of VoIP voice traffic in its own virtual local-area network (VLAN) isn't compatible with UC. In a UC system, VoIP must move beyond the VLAN. As it does this, the data is vulnerable if other security features aren't up-to-snuff.

Finally, Lazar points out that virtual phones and fixed mobile convergence (FMC) also cause potential problems:

Instead, IT leaders increasingly seek to leverage technologies such as softphones and fixed-mobile integration to enable their workers to use their cell phone just as they would use a desktop extension. FMC raises significant security concerns, not only from the need to allow access to enterprise telecom systems from devices residing on public networks, but also because of the need to protect data stored on a mobile device in the event of loss or theft.

Otel lists some of the security concerns of VoIP. They include: "phreaking," wiretapping, identity theft, VoIP phishing (Vishing), denial of service (DoS) attacks, spamming, call tampering and man-in-the-middle attacks. A brief explanation is offered for each. The bottom line, though, is simple: VoIP is far from immune from security problems and, indeed, seems to be the target of new versions of old attacks.

In order to keep secure, writes Diane Giuffre at MegaPath, potential vendors of VoIP services should be asked three questions: Is the public switched telephone network (PSTN) reached via the public Internet or a private IP network? Is SIP trunking involved? Are Multiprotocol Label Switching (MPLS) and IP Security (IPSec) Virtual Private Networks (VPNs) used? She explains why each of these questions is important.

This isn't an academic exercise. Two weeks ago, for instance, Threat Post carried an item about Romanian hackers accused of using VoIP networks to place calls to premium rate numbers. VoIP security will be a growing problem, especially if IT departments don't note that common wisdom isn't infallible.

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.


Add Comment      Leave a comment on this blog post

Post a comment





(Maximum characters: 1200). You have 1200 characters left.




Subscribe Daily Edge Newsletters

Sign up now and get the best business technology insights direct to your inbox.

Subscribe Daily Edge Newsletters

Sign up now and get the best business technology insights direct to your inbox.