The Security Pitfalls of VoIP
By Paul Roberts
December 09, 2002 — CSO — Voice over IP (VoIP) is a fast-emerging communications technology that allows organizations to send voice traffic over IP networks. Many businesses, however, are concerned about the reliability and security of VoIP technology.
For those who embrace it, VoIP offers its users local and long-distance phone service at a fraction of the cost of analog voice communications. In addition, VoIP promises to deliver a whole world of new features to the workplace that tie together voice and data. Forget about caller ID
But CIOs and CSOs tread carefully when considering alternatives to the existing phone infrastructure. While getting an e-mail bounced back to them might make customers wonder whether you're having server troubles, getting a phone call to your headquarters dropped might make them wonder whether you've gone out of business.
According to Matthew Kovar, director of security solutions and services at the Yankee Group, the first thing CSOs should understand about VoIP security is that they already know a lot about it.
"Voice is just a different application that's going to run over IP infrastructure, so all the vulnerabilities that exist in your other IP applications also exist in this application," says Kovar.
Among the key exposures of VoIP systems, he says, are traditional hacks such as snooping (intercepting and decoding VoIP traffic) and packet spoofing (impersonating a party in a VoIP exchange to collect data).
The challenges of VoIP have made virtual private network (VPN) technology the choice for most CSOs.
Using a VPN, companies can encrypt wide-area VoIP traffic from remote offices and send it over VPN tunnels, keeping that voice content secure. Using a VPN also eliminates the need to open ports on the corporate firewall to allow VoIP traffic through.
Still, the landscape is changing, with hardware manufacturers like Cisco Systems and Check Point Software Technologies adding SIP and H.323 support to their existing firewall products. In addition, smaller players like the Swedish company Ingate are marketing firewalls designed specifically for VoIP traffic.
In the end, CIOs and CSOs will have to become convinced that reliable answers exist for the security questions posed by VoIP before the technology will take off.
"It's a question of whether customers feel comfortable with IP issues that may interrupt phone networks, and right now they just don't have enough experience with the technology," says Kovar.