Voice over IP Security

Much ink has been spilled over the vulnerabilities created by running voice traffic over data networks. But smart CSOs are, in fact, going to use voice over IPand similar forthcoming technologiesto their benefit.

Audio monitoring also allows a more intelligent filtering of video monitor output. Many security incidents come with characteristic noisesa shout, the sound of breaking glass, metal striking metal. An officer watching a bank of dumb monitors won't always be looking at the right screen at the right time. He might be turned around, looking at none of them. A shout will always get his attention. And a quick glance at the screen farthest to the right, where the audio signal needle is, should focus his attention where it needs to be.

Since VoIP connections can be controlled from anywhere, the officer on duty can conduct patrols or investigate situations personally without ever being out of touch. VoIP streams can be copied to any address with no loss of quality, which makes it easy for an officer in location A to ask a colleague in location B for his opinioneven if location B is 1,000 miles away. (There are downsides to this accesssuch as being pestered by people who want to know where their car is. Moss also cautions that privacy concerns will inhibit the use of audio surveillance in some cases.)

Finally, while vendors might talk up "convergence" to CIOs (in this case, meaning the confluence of multiple types of data over a single wire), VoIP turns out be more of a "redundancy" technology in actual practice, which automatically makes it more interesting to CSOs. There is nothing about the technology that compels an enterprise to toss out all its landlines, and from a security perspective, there are plenty of reasons not to do so. Landlines have their own power sources, work with 911 (VoIP does notat least, not yet) and are obligatory elements in a huge installed network of fire department and alarm company services, elevators and fax lines. POTS is there when an idiot with a backhoe cuts the LAN fiber; VoIP is there when a hurricane takes out the landline network. Further, once VoIP is in place, it is easy to run a wireless system on top of that (as the Bernalillo Court does). The technology permits a CSO to build a layered communications infrastructure of landlines, wired and wireless (lasers, microwaves) VoIP and cell phones, which makes communications almost impossible to interrupt or denyno matter what happens.

Still, it is true enough that the technology is vulnerable to network disorders. (Though, it might be noted that one security problem VoIP doesn't present in acute form is simple theft, since voice uses so few resources. But the concern is not zero; there is traffic in pilfered VoIP phone numbers.) This is a real-time technology that requires very low latencies (latency here refers to the time required to receive a response to a transmission) to be useful. Even a modest denial-of-service attackone that you would never notice in the course of conventional file requestscan make voice unusable.