VOIP (Voice Over IP)

Virtual-Linux.org

 


VOIP, or Voice over Internet Protocol, is a great idea, but is it secure? The fact is that VOIP can be as safe as any data application, as long as you safeguard it the same way. The trick is to configure it as you would any sensitive data application that may be exposed to the internet.

Analysts agree that safeguarding VOIP comes down to typical procedures for ensuring the security of networked servers, applications and voice.

If you use any type of firewall, it is important to ensure that it can handle the special problems that VOIP brings. Firewalls in a VOIP operation must be able to handle these fairly complex real-time communications protocols. H.323 and SIP have separate control and media transfer connections, which means they characteristically make a connection on one port to set up a call and then pick a random, high-numbered port, usually above port 1024, for the data connection. You can't simply configure a firewall with certain ports opened and blocked, since the device can never know in advance which port will be used for the connection.

It is necessary to have a firewall that recognizes those protocols well enough to only open data connections when they've been negotiated and authenticated in the control fields, and it needs to know to close them when the sessions are over.
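Added example (not from the original article): the call tracking described above, in Python, for SIP. A media port is allowed only after the INVITE and its 200 OK have both advertised their endpoints, and it is closed again on BYE. The sample messages, Call-ID and addresses are constructed, the function and class names are hypothetical, and it assumes plain-text SIP with IPv4 audio SDP; authentication of the signalling is not modelled.

```python
import re

# Constructed SIP messages (not captured traffic); IPs are documentation ranges.
CALL = "Call-ID: a84b4c76e66710\r\n"
SDP = "Content-Type: application/sdp\r\n\r\nv=0\r\nc=IN IP4 {}\r\nm=audio {} RTP/AVP 0\r\n"
INVITE = ("INVITE sip:bob@example.com SIP/2.0\r\n" + CALL + "CSeq: 1 INVITE\r\n"
          + SDP.format("192.0.2.10", 49170))
OK_200 = ("SIP/2.0 200 OK\r\n" + CALL + "CSeq: 1 INVITE\r\n"
          + SDP.format("198.51.100.20", 3456))
BYE = "BYE sip:bob@example.com SIP/2.0\r\n" + CALL + "CSeq: 2 BYE\r\n\r\n"


def sdp_endpoint(body):
    """Return the (ip, port) of the audio stream an SDP body advertises, or None."""
    ip = re.search(r"^c=IN IP4 (\S+)", body, re.M)
    port = re.search(r"^m=audio (\d+) ", body, re.M)
    return (ip.group(1), int(port.group(1))) if ip and port else None


class PinholeTable:
    """Media ports are allowed only between a completed INVITE/200 OK and the BYE."""

    def __init__(self):
        self.offers = {}  # Call-ID -> endpoint offered in the INVITE
        self.open = {}    # Call-ID -> set of endpoints negotiated for that call

    def on_sip(self, msg):
        head, _, body = msg.partition("\r\n\r\n")
        start = head.split("\r\n", 1)[0]
        cid = re.search(r"^Call-ID:\s*(\S+)", head, re.M | re.I)
        if not cid:
            return  # no call identifier: nothing to track
        cid, media = cid.group(1), sdp_endpoint(body)
        if start.startswith("INVITE ") and media:
            self.offers[cid] = media  # offer seen, nothing opened yet
        elif (start.startswith("SIP/2.0 200") and cid in self.offers and media
              and re.search(r"^CSeq:\s*\d+\s+INVITE", head, re.M | re.I)):
            self.open[cid] = {self.offers.pop(cid), media}  # answer completes negotiation
        elif start.startswith("BYE "):
            self.offers.pop(cid, None)
            self.open.pop(cid, None)  # call over: close the pinholes

    def allows(self, ip, port):
        """True if (ip, port) is a media endpoint of a call that is currently up."""
        return any((ip, port) in eps for eps in self.open.values())
```

Feeding `INVITE`, `OK_200` and `BYE` to `on_sip` in that order and calling `allows` between them shows the ports opening only after the answer and closing at hang-up.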

The VOIP server needs special attention, too. The operating system of most IP PBXs must be stripped of unnecessary services that can lead to security breaches. The server should be used for VOIP only, with other applications on it disabled.

Another concern is securing the application so that a hacker can't listen in on a voice call or hijack voice service. One way to prevent eavesdropping is to encrypt the call, which current VPN technology effortlessly handles. However, be sure that the end device has the processing power to support a VPN client. Many IP phones don't have that power yet. Without it, the user would need to run a VPN client on a workstation or laptop and connect the phone to the PC.

When providing security for VOIP, it’s useful to divide the task into two major categories. The first of these is the security of the voice network infrastructure. This involves protecting the servers from attack so that the voice network itself remains intact. Just as you don’t want your internal data servers hacked, you don’t want your servers that happen to be IP PBXs hacked. The good news here, though, is that you hopefully already have a good security infrastructure for your “data” servers, and your IP-PBX equipment will simply become a part of this infrastructure.

The second category is protecting the voice conversation content. There seems to be a widespread misconception that conversations transported over IP are less secure than conventional telephone conversations. In reality, the opposite is true. As a rule, it’s tougher to hack into VOIP content than it is to tap a conventional telephone conversation. Ultimately, the evaluation has to come down to comparing VOIP with traditional telephony, and VOIP is going to score rather well in most areas.

All new technology is under suspicion in its earliest stages, but just as in any other aspect of life, if you are going to move forward you must take chances and test new things.

 




Copyright © 2005 Pondered.org. All Rights Reserved.