More and more organisations are realising the benefits of convergence – running their voice and data networks over the same infrastructure to see enhanced scalability, reductions in cost and significant improvements in productivity.
The technology now exists that will let enterprises use just a single network platform for all manner of applications including unified messaging, video conferencing, and flexible remote access. And by having a single management platform to control both voice and data, they can make even more significant cost savings.
In addition, there are considerable savings to be made in hardware investment costs when businesses run both voice and data over the same infrastructure, and they eliminate the need for different maintenance contracts. In addition, cabling at the user site can be reduced by the provision of a single point, supporting both data and voice.
Nevertheless, despite the obvious benefits, the growth of convergence has brought with it some potential pitfalls that companies must be aware of. The most significant of these are the new security threats that have arisen, and the potential problems that can be encountered with the integrity of voice communications.
In the past, voice traffic has always been relatively secure in the proprietary operating environment of the customer´s PABX. But as it is now run over the IT infrastructure is has become just another application within a company´s data system. This means it is vulnerable in the same way as data traffic and can be affected by worms, viruses and password attacks, or even just simple network downtime.
The voice-signalling server, which is used to set up and administer calls, is one area that is potentially very vulnerable to attack. If its security is breached, attackers are able to access records of both incoming and outgoing calls as well as information about their timings. This information could be very valuable to people wanting to commit fraud or corporate espionage.
The reason that convergence makes voice traffic so much more vulnerable is that attackers no longer need physical access to the telephone line to be able to eavesdrop. With an old-fashioned TDM PBX switch, intruders would attach a bugging device to the physical line and eavesdrop on calls, but with the new technology they only have to penetrate the Voice over IP (VoIP) gateway to access voice conversations. The threats range from straightforward listening in, recording and replaying, to some cases where calls can even be redirected. Of course, should the voice network be penetrated then the data traffic will also be at risk, and vice versa. Organisations run the risk of having neither voice nor data traffic if they encounter any problems. It goes without saying therefore, that voice security is of critical importance. A failure in telephone systems can be disastrous for an organisation, especially if it takes down their data services simultaneously. So what can be done to protect voice traffic?
Making VoIP secure Voice traffic is at its most vulnerable when it is in transit, so it is then that security is paramount, and this is one of the main concerns for organisations. One tool that is popular is encryption; so that as voice data is transmitted over the network it is secure and can´t be accessed or intercepted.
Another threat that companies need to be aware of is intrusion – attackers infiltrating and corrupting the network, systems or applications. Typically this threat is managed by a system of passwords and access management to control who can do what. New forms of ´fingerprinting´ security systems are under development. These will track the activities of anyone breaking into the network and will identify and eliminate any viruses they leave behind.
However, the technology underpinning VoIP is still new, and relatively untested, so new vulnerabilities and weaknesses are being identified on a fairly regular basis – meaning systems are potentially open to a range of attacks, leading to possible ´denial of service´.
In spite of these continued threats, there is still some naivety about the sensitivity of the marketplace to voice performance and voice resilience. But the industry is now starting to appreciate the true benefits that can be achieved from robust voice solutions and how important it is to build this type of security functionality into applications from the beginning. To demonstrate this trend, many of the former data solutions giants are promoting their voice capability to make them stand out from their competitors.
Consequently, it is expected that there will be significant increase in solutions from the major providers to secure and protect IP telephony platforms, and there will be more demand from customers for products that are proven to be secure and reliable.
It is important that the large industry players take security seriously and take responsibility for integrating it into their systems, as many end users to do not have the budget or the in-house expertise and resources to manage the security implications of VoIP. It is up to the industry to show the end users how VoIP can be secured to give them the confidence they need to roll these systems out within their organisations.
VoIP security mustn´t be viewed in isolation. It is just one, albeit critical, part of the complex integration challenge facing providers of converged solutions today.
Historically voice networks have been built on long established and evolved standards, making them robust and reliable. In conjunction the process of PBX configuration had become almost routine and voice transmission plans, interface and integration processes well rehearsed and relatively problem-free.
Customers would typically specify the exact configuration and functionality of a PBX before purchase. The switch would then be shipped already pre-configured and connected to the installed network circuits on site. The whole system would then be ready to switch on.
As technology has evolved however, this process has become more complex, with more potential problems. Almost every element of the solution from the call server to the desktop has a high degree of proprietary customisation embedded within it, making configuration a much bigger task. The first step the solutions provider needs to take is build the voice servers, before installing Quality of Service across both the WAN and the LAN, and the finally overlaying the architecture with a protective security platform.
This type of implementation needs engineers and skilled technical consultants with in-depth multi-disciplinary and multi-vendor experience, coupled with a detailed awareness of the voice and data security requirements of IP networks. These experts will not just manage the implementation itself, but will also advise on the choice of solution to carry out the necessary systems integration . They will also be called upon to give advice and consultancy services to the organisation on in-house security policies and procedures.
However, this expertise can be difficult to find as there is a significant skills gap in the industry, and it is the industry that has to rectify the problem. The security of VoIP systems and networks often lies completely in the hands of the experts – and it is essential that these skills are nurtured and built upon.