How Secure Is Your VOIP Network?

by : John Mce

Voice over IP telephone services are revolutionising how the world communicates, individuals, and businesses are embracing the capabilities and harnessing the power of the internet. Despite voice over IP being a great technological breakthrough, security is still a major concern, yet with the proper precautions it should not have to be.

Most users implementing VOIP these days are primarily concerned about voice quality, latency and interoperability. However we shouldn't overlook the security risks that can crop up when the voice and data worlds converge, users and analysts say.

With voice over IP, voice traffic is carried over a packet-switched data network via Internet Protocol. VOIP networks treat voice as another form of data but use sophisticated voice-compression algorithms to ensure optimal bandwidth utilization. As a result, VOIP networks are able to carry many more voice calls than traditional switched circuit networks. Voice over IP also enables enhanced services such as unified communications.

Securing voice traffic on such networks isn't very different from securing any data traffic on an IP network. In a VOIP world, private branch exchanges are replaced by server-based IP PBXs running on Windows NT or a vendor's proprietary operating system. Such call management boxes, which are used both for serving up VOIP services and for logging call information, are susceptible to virus attacks and hackers. Break-ins of these servers could result in the loss or compromise of potentially sensitive data..
Consequently, it's important that such equipment is properly locked down, placed behind firewalls, patched against vulnerabilities and frequently monitored using intrusion-detection systems.

The University of Houston went one step further and made sure that its call manager and its entire VOIP network aren't directly accessible from the Internet. The school has put its IP PBXs in a different domain than its other servers and has limited administration access to the servers.

VOIP gateway technologies are also a potential weak point. When VOIP is used externally, gateway technologies convert data packets from the IP network into voice before sending them over a public switched telephone network. When VOIP is used internally, the gateways basically route packetised voice data between the source and the destination.

The concern here is that such gateways can be hacked into by malicious attackers in order to make free telephone calls. The trick to protecting against this lies in having strict access-control lists and making sure the gateway is configured in such a fashion that only the people on this list are permitted to make and receive VOIP calls.

As with traditional telephony, eavesdropping is a concern for organizations using VOIP-and the consequences can be greater. Because voice travels in packets over the data network, hackers can use data-sniffing and other hacking tools to identify, modify, store and play back voice traffic traversing the network.

Ultimately, it's important to remember that securing a VOIP infrastructure involves nothing that is drastically different from the measures corporations have always taken to protect their data. To sum up, There are a few simple things any corporation can take to protect their VOIP network, firstly separating and isolating voice traffic onto a virtual LAN is one way of mitigating the risk, of unauthorised access. Secondly using access lists that define exactly who is entitled to access the network will stamp out external threats. Finally using encryption, as you should with any sensitive data, adds another layer to your secure communication.