The only publication dedicated to OSS     Volume 2, Issue 3 - August 2005
Current Issue
Cover Page
Taking Stock
VoIP Security
The Next Level
Measuring Up
Forward Movement
Tapping the Market
A Pioneer's Tale
Editor's Letter
 
Subscribe
About Us
Archives
Ed-Opps
Ad-Opps
Advertisers
Sponsors

VoIP Security - Is It Really an Issue?


By Chris Thatcher

Consumer exposure to threats in the data world have consistently and exponentially grown over the past five years – a fact reinforced in the media each day, with reports of breaches in data security at lending institutions and retail outlets nationwide. The number of vulnerabilities grows daily, as does the simplicity of pre-packaged hacker tools. The potential loss of revenue or a tarnished reputation in the event of compromise is high.


Though there have been no major threats to date to VoIP security, the multitude of security threats that plague today’s data networks will be inherited by VoIP infrastructures down the road. The addition of VoIP as an application on the network makes those threats even more dangerous. For example, a distributed Denial of Service (DoS) attack may slow down someone browsing the Web, but on a VoIP network this same attack could prevent 911 calls. Other potential breaches include: spam calling (SPIT), tapping into calls, viruses, user identity management issues, and of course the unknown.

If the right steps are taken, VoIP can be made as secure -- if not more secure -- as its traditional counterpart. However, when it comes to securing VoIP networks, the traditional business mentality has been to focus on “probable,” near term security issues. Then, if there is budget left, businesses are considering the “possible.” Companies currently view many vulnerabilities as “too complex” or “too unlikely” to spend money on.

Improving VoIP Security
Waiting to secure a VoIP infrastructure is not only dangerous from a security perspective, but it is also more costly. Proper security for VoIP can change the logical topology and the bill of materials in network configuration. It requires tuning and changing controls that could temporarily affect voice services. For these reasons it is best if an organization can begin by building security into initial VoIP deployments rather than bolting it on afterwards.

The key to success is making security a priority and working with a vendor and/or solutions provider that offer an integrated, end-to-end approach to converged network security that includes the following components:

• Establish trust zones by segregating the converged network from the data-only network—either physically or through virtual LANs. Segregating the voice traffic onto separate networks and enforcing the separation will limit access from both internal and external users.
• Apply the same defense-in-depth strategy you would with any business critical network. The extended perimeter must be protected with multi-layered solutions such as firewalls, network and host based intrusion prevention, anti-virus, encryption, and more.
• Stop many attacks before they enter the network with network intrusion prevention. Be sure to protect the call manager and voice gateways as well.

 


Send Comment

 

Subscribe   About Us   Archives   Editorial Opportunities
Advertising Opportunities   Advertisers   Sponsors

© 2005, All information contained herein is the sole property of Pipeline Publishing, LLC. Pipeline Publishing LLC reserves all rights and privileges regarding the use of this information. Any unauthorized use, such as copying, modifying, or reprinting, will be prosecuted under the fullest extent under the governing law.