In Depth

Voice over IP Security

Much ink has been spilled over the vulnerabilities created by running voice traffic over data networks. But smart CSOs are, in fact, going to use voice over IP, and similar forthcoming technologies, to their benefit.

By Fred Hapgood


Phones are unlike other network apps; people are not interested in entering user names and passwords every time they answer a call, which means finding other ways of negotiating authorization. Finally, again unlike most current network applications, a given VoIP conversation flows across many kinds of systems, including local LAN environments, all the flavors of Internet telephony in the world and POTS. And every time a packet crosses from one system to another, it runs a risk.

All this might add up to a case for giving VoIP a pass, but there are counterarguments. First, many of the security issues raised by VoIP security are not new and can be handled by simple security upgrades familiar from the world of virtual private networks, such as extending the domain of encryption (including the encryption of routing information); imposing per-user authentication; regulating connection attempts with denial-of-service attack monitors; and supporting as many levels of redundancy as possible, down to and including fan, power and feed redundancies. Furthermore, the new issues that do arise will probably have to be addressed whether or not you install VoIP.

The Broader Implications of VoIP

Many analysts think the Internet is going through a change every bit as profound as the transition in the mid-'90s, when it went from an academic, research tool to the present mass medium. In this case, the change is from a relatively homogeneous, wired operating environment in which hundreds of millions of humans interact via store-and-forward technologies, such as e-mail, to a highly heterogeneous system in which hundreds of billions of unmanned devices communicate in real time, often wirelessly. In the security context alone, these devices might include lights, locks, cameras, microphones, loudspeakers, photocells, meters and counters, alarms, biometric devices, signs, and radio frequency identification tags for locations, vehicles and security-related inventory such as firearms. Ravenel's walkie-talkies and Moss's intercoms illustrate the trend.

This new Internet is going to require new thinking about security. For instance, since devices are inherently dumb, authentication will probably have to stop relying exclusively on end-based, challenge-and-response solutions, such as typing in passwords, and look to supplementary technologies that live in the network. One might be device monitoring; the network will measure the behavior of each device against its operating history and different policy constraints as defined by the CSO. So, for instance, if the printer starts doing something novel, alarms will ring.
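A sketch of the device-monitoring idea described above, as an added example that is not part of the original article: each flow is checked against policy constraints and against the device's own operating history. The policy values, device names, alert labels and sample flows are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Hypothetical per-class policy constraints a CSO might define (assumed values).
POLICY = {
    "printer": {"allowed_ports": {9100, 631, 161}, "max_peers": 20},
    "voip-phone": {"allowed_ports": {5060, 5061}, "max_peers": 5},
}

class DeviceMonitor:
    """Checks each flow against policy and the device's own operating history."""
    def __init__(self, policy, learning_flows=3):
        self.policy = policy
        self.learning_flows = learning_flows  # flows seen before history is trusted
        self.history = defaultdict(set)       # device -> {(peer, port)}
        self.seen = defaultdict(int)          # device -> number of flows observed

    def observe(self, device, dev_class, peer, port):
        """Return the alerts raised by one flow; an empty list means normal."""
        rules, alerts = self.policy[dev_class], []
        if port not in rules["allowed_ports"]:
            alerts.append("policy:port-not-allowed")
        if len({p for p, _ in self.history[device]} | {peer}) > rules["max_peers"]:
            alerts.append("policy:too-many-peers")
        policy_clean = not alerts
        if self.seen[device] >= self.learning_flows and (peer, port) not in self.history[device]:
            alerts.append("history:novel-flow")
        # Only policy-clean flows extend the baseline, so a violation can never
        # teach the monitor that it is normal; a clean novel flow alerts once.
        if policy_clean:
            self.history[device].add((peer, port))
        self.seen[device] += 1
        return alerts

# Constructed sample flows: (device, class, peer, port)
SAMPLE = [
    ("prn-1", "printer", "10.0.0.5", 9100),
    ("prn-1", "printer", "10.0.0.6", 9100),
    ("prn-1", "printer", "10.0.0.5", 631),
    ("prn-1", "printer", "10.0.0.5", 9100),    # already in history
    ("prn-1", "printer", "10.0.0.9", 9100),    # new peer on an allowed port
    ("prn-1", "printer", "203.0.113.7", 25),   # printer starts speaking SMTP
]

def run(sample=SAMPLE):
    mon = DeviceMonitor(POLICY)
    return [mon.observe(*flow) for flow in sample]

if __name__ == "__main__":
    print(*zip(SAMPLE, run()), sep="\n")
```

The last flow raises both a policy alert and a history alert, and because it is never added to the baseline it keeps alerting for as long as the printer repeats it.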

Not many dogmas run deeper than the one about how the Internet destroys locality. John Roese, CTO of Enterasys Networks, thinks locality is coming back big time, but as an authentication and authorization technique. Your laptop will gain access rights of Type A when it is detected in Room 100 and will lose them when it is taken out of that room. Roese thinks that even wireless devices (whose locations would be determined by access points triangulating signals or by planting address transponders into walls) will end up being controlled the same way. Another example he gives of the changes that will be required in security practices is remediation management. Right now, when a network has a problem, such as a virus infection, it's shut down until all the nodes are cleaned. When the network is running the phones in addition to the elevators, the A/C, and the microwaves, you are going to have to be more careful about what you shut down.
