VOIP: Don't overlook security
Computerworld - Corporations that are implementing voice over IP (VOIP) technologies in a bid to cut communications costs shouldn't overlook the security risks that can crop up when the voice and data worlds converge, users and analysts say.
Most users implementing VOIP these days are primarily concerned about voice quality, latency and interoperability. All are fundamental quality-of-service considerations that companies need to deal with before they can even begin justifying the move to VOIP.
But some security organizations are cautioning users about the dangers of unsecured VOIP services. For instance, in an August 2001 paper on its Web site, the Bethesda, Md.-based SANS Institute warned of privacy- and authentication-related issues stemming from VOIP services and urged users to apply the same precautions they've used to protect their data services.
"With the convergence of the voice and data worlds, the real similarities of the security concerns will become apparent," the SANS report said, urging users to take measures such as encrypting voice services, building redundancy into their VOIP networks, locking down their VOIP servers and performing regular security audits.
Without a sharp focus on security as well, VOIP will never make it into corporate use, say users and analysts.
With VOIP, voice traffic is carried over a packet-switched data network via Internet Protocol. VOIP networks treat voice as another form of data but use sophisticated voice-compression algorithms to ensure optimal bandwidth utilization. As a result, VOIP networks are able to carry many more voice calls than traditional switched circuit networks. VOIP also enables enhanced services such as unified communications.
Voice as Data
Securing voice traffic on such networks isn't very different from securing any data traffic on an IP network, says David Krauthamer, director of IT at Advanced Fibre Communications Inc. (AFC), a Petaluma, Calif.-based manufacturer of telecommunications equipment. AFC is using limited VOIP communications internally and may use it for external communications as well.
"VOIP security needs to be handled in the overall context of data security," Krauthamer says.
But there are some aspects of VOIP networks that users need to pay close attention to, says Christopher Kemmerer, an analyst at NexTiraOne Inc., an integrator of voice and data networks in Houston.
In a VOIP world, private branch exchanges (PBX) are replaced by server-based IP PBXs running on Microsoft Corp.'s Windows NT or a vendor's proprietary operating system. Such call management boxes, which are used both for serving up VOIP services and for logging call information, are susceptible to virus attacks and hackers. Break-ins of these servers could result in the loss or compromise of potentially sensitive data, Kemmerer says.
Consequently, it's important that such equipment is properly locked down, placed behind firewalls, patched against vulnerabilities and frequently monitored using intrusion-detection systems, he says.
- Mobile First: Securing Information Sprawl Learn how the partnership between Box and MobileIron can help you execute a "mobile first" strategy that manages and secures both mobile apps...
- Cybersecurity Imperatives: Reinvent your Network Security The Rise of CyberSecurity
- Surescripts Case Study- Securing Keys and Certificates Surescripts implemented Venafi's Trust Protection Platform™ to secure digital keys and certificates, ensure the privacy and confidentiality of electronic clinical information for its...
- Ponemon 2014 SSH Security Vulnerability Report According to research by the Ponemon Institute, 3 out of 4 enterprises have no security controls in place for SSH which leaves organizations...
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities.
- Deep Dive into Advanced Networking and Security with Hybrid Cloud Security and networking are among the top concerns when moving workloads to the cloud. VMware vCloud® Hybrid Service™ enables you to extend your... All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!