VoIP security for everyone

VoIP can also help companies economise through managing only one converged data network instead of separate voice and data lines and it can also bring multimedia services to the desktop, in some cases improving customer service.

However, VoIP technology can also expose companies’ voice systems to all of the hazards that now plague data networks such as worms, viruses, spam over Internet telephony (SPIT), eavesdropping and fraud.

It is therefore very important that organisations understand the security risks before they start implementation and by planning and deploying a secure architecture, the majority of the risks inherent in any VoIP solution can be eliminated.

It is a common misconception that data firewalls will protect a VoIP system. They won’t. Voice encryption, authentication, VoIP-specific firewalls and the separation of voice and data traffic all need to be considered. Traditional private branch exchange (PBX) phone systems have their own vulnerabilities, and in the past hackers have broken into large phone and voice mail networks. But VoIP expands vulnerability, offering more opportunities for hackers to gain access.

Security risks that VoIP systems can bring can be classified into three types: Service availability, Confidentiality, System integrity.

Firstly, service availability can be restricted because voice systems are network enabled and usually provide remote management and access tools, providing intruders and attackers with a host of access points and denial of service mechanisms.

Similarly, in a VoIP environment, a ‘packet capturer’ or ‘protocol analyser’ connected to a shared network could allow the interception and recording of voice traffic so confidentiality is compromised.

Lastly, integrity threats cover anything in which system functions or data may be modified. Once an attacker has compromised the system configuration they can modify, delete or disclose information.

Article by Mario Vecchio, ANZ Siemens Enterprise Networks, General Manager, ANZ