Secure IP Telephony, Issues and Threats

By: Gregory Smyth

The heavy adoption of IP-based telephony has triggered concerns regarding potential security issues and threats have risen proportionally. This necessitates the need to make IP telephony secure. Many of the concerns relating telephony security are the same for both traditional TDM technology and IP-based systems. However, IP-based telephony gives rise to additional areas of insecurity, which if not managed in the right way, may lead to threats.

Many VoIP deployments are established with performance and quality of service as top requirements for the converged network. Mistakenly, security was not given enough emphasis at the time of deployment. Due to the fact that these business critical telephony services are now working on a multi-service network, that, if not secured properly, can put the security and integrity of said services in danger. Security as an add-on is far from acceptable and may in fact be detrimental.

A recently published report states that VoIP systems can be expected to be more susceptible than conventional telephone systems, partly because they are attached to the data network, leading to additional security vulnerabilities and possibilities of attack.

Fortunately, most IP-based networks today already possess integrated security capabilities and the widespread experience residing in the traditional voice world can be summoned to bear on the common issues. By increasing the capabilities across both spheres, IP telephony can be as reliable, even more reliable, than conventional telephony systems.

Threats to IP telephony can come from various areas. Theft of service is related with the toll fraud by way of the unauthorized utilization of telephony services. Monopolizing resources maliciously or accidentally so as to thwart normal operation can be referred to as denial of service. Eavesdropping includes encroachment of privacy via listening in on telephone conversations or illegal access to messaging services like voicemail.

Theft of service assumes equal significance both as a policy definition and enforcement issue, and as a technology one. Technology is ideally applied when it can spot theft of service events and make sure the ongoing enforcement of policies to counter them. Tools that identify anomalies in call patterns and spot potential telephony abuse and fraud are obtainable in the marketplace today.

Many of the threats to enterprise IP telephony are not typical to telephony but common to many IP-based applications on the network. Establishment of best-practice security methods for IP telephony will push forward overall security across many other network-based applications. If established properly, IP telephony can be made more secure than conventional TDM telephone services at a reduced cost.

While taking into account an investment in IP telephony, the more planning and analysis is done at the beginning, the fewer worries during and after deployment. An infrastructure assessment and risk assessment should be included to every IP telephony project.

The right partner can assist determine if the prevailing infrastructure has the capacity and resilience to provide the required backup to IP telephony and deliver a level of uptime consistent with the organization's tolerance for potential threats. System integration firms with both converged networking and security policies will be equipped to plan, build and back-up secure IP telephony infrastructure keeping with industry-accepted best practices.

Top Searches on
Security
 • 
 • 
 • 
 • 
 • 
 • 
 • 
 • 
 • 
 • 
 • 
 • 
 • 
 • 
 • 
 • 
 • 
 • 
 • 
 • 

» More on Security