A Proactive Approach to VoIP Security

By | April 26, 2006

The emergence of Voice-Over-IP (VoIP) technology is creating a major discontinuity in telecommunications. The promise of reduced hardware and operations costs coupled with new value-added services makes VoIP, as well as Internet Protocol(IP) TV, videoconferencing, IP Multimedia Subsystem (IMS) and presence services, a compelling solution for enterprises and service providers.

Current voice services which are delivered using Public Switched Telephone Networks (PSTN) provide high voice quality, very high reliability (99.999 per cent), carry critical services such as E911, enable federal agencies with ability for lawful intercept, all while offering an extremely high level of security. For VoIP networks to become a reality, both enterprises and service providers must be able to ensure that voice networks are able to deliver the identical quality, reliability, flexibility and security to that of PSTN.

With enterprises, carriers and cable companies publicly committing to VoIP deployments, security has quickly emerged as one of the biggest barriers to the successful deployment of VoIP. To securely implement VoIP networks a proactive approach and an understanding of the differences between VoIP and traditional data networks is required. This document examines these differences, new types of attacks, and provides a comprehensive security architecture for VoIP networks in the context of practical VoIP security problems.

VoIP is not just another application running on the top of the IP infrastructure. VoIP is a complex service. Similar to existing PSTN and Private Branch Exchange (PBX) offerings, VoIP has its own business models and features which are offered to the enduser. Over the years, service providers and PBX vendors have established their respective brands as being synonymous with high levels of reliability, quality and security and must preserve these attributes in their VoIP offerings.

VoIP characteristics include: high sensitivity to Quality of Service (QoS) parameters, the real-time nature of services, a wide range of infrastructure devices, protocols and applications, and interaction with the existing phone networks. These characteristics require different techniques and methodologies that will support PSTN-level security and reliability.

Click here to download the paper

Leave a Reply