Secure VoIP – an achievable goal

By Ray Stanton | May 3, 2006

There’s no doubt that VoIP is the future of telephony. What started as a rather cumbersome way for budget-conscious enthusiasts to talk via their computers has now developed into a technology of much greater significance.

VoIP creates new ways of delivering fully-featured phone services that promise big cost savings and open the way for a whole new range of multimedia communication services. After years of ‘will it, won’t it’ speculation and unfulfilled predictions of universal adoption, Gartner is now positioning VoIP firmly on its way to the ‘plateau of productivity’ on its widely-respected technology hype cycle. But questions about its security and reliability persist.

Given that VoIP is delivered using the same underlying technologies as the internet and corporate intranets, such questions are inevitable. Will it deliver the seamless voice communications that we have all become accustomed to? What are its weaknesses and vulnerabilities? And how do you protect against them?

The security challenge

The fusion of computing and communications technologies has made VoIP possible. But converged networks are also the source of its potential weaknesses. VoIP is a combined target for the different kinds of attack that are faced by both computers and phone systems.

Attacks have been limited to date, but as VoIP becomes more pervasive, so the number of attacks can be expected to grow. What organisations using VoIP need to do is put in place a comprehensive security programme that ensures that any attempts on its integrity do not cause the damage that the attackers intended.

Much depends on how companies use VoIP. For example, IP phone services that operate over the public internet are more at risk than other applications of the technology. But they tend to be used by individuals and small businesses, so the results of failure are more likely to be irritating rather than catastrophic. Private IP phone networks that operate within a single organisation are inherently better protected, but because the value of the data involved is so much larger, the costs and consequences of service failures are often orders of magnitude greater.

Calling over the public internet

A growing number of services are available to allow people to make phone calls over the internet, typically taking advantage of unused capacity on the broadband link to a home or office.

Because these services all share network capacity with other traffic, calls can be subject to interference and interruption. This can be as much a result of legitimate peaks in demand as from more malicious threats like a denial of service attack launched on the relevant service operator’s infrastructure.

There is also the issue of enabling the data packets generated by phone calls to pass securely through PC, corporate and other firewalls. The activity generated by some VoIP applications shares characteristics with hacking attempts and other attacks which, in a well-protected system, makes it difficult for IT departments to allow calls to pass through a firewall without weakening defences.

For these reasons, many organisations prohibit the use of the VoIP services that operate over the public internet.

Making calls in private

When it comes to the use of VoIP to carry calls within organisations, the situation is somewhat different. Calls are typically received from the public telephone network using standard lines or T1/E1 connections. They are converted into VoIP by a gateway and relayed to specific IP phones using the company’s private data network.

Many companies operate logically separate networks, keeping voice and data traffic apart, and this separation can be maintained when sites are connected using an operator’s VPN. MPLS networks, for example, can be used to connect converged voice and data systems at different locations, enabling calls between employees to be kept ‘on network’.

The isolation of the corporate VoIP network from the public internet means that the risk of many forms of attack is minimised. However, even where logical network separation is used, some connections between the organisation’s VoIP infrastructure and its data network will remain.

This means there is the potential for an external attacker to set up a call from an internal IP phone out over a standard E1/T1 interface, which may not be noticed unless some form of monitoring is used. This form of breach could be used to listen to a conversation in a room, for example, but would require a previous vulnerability, such as a Trojan, to be exploited to get internal access to devices from the outside.

The highest levels of security, including those required by CESG, necessitate a firewall being placed between the IP network and the device connecting to the E1/T1 interface. But at a commercial level the line could be just logged and monitored.
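The “logged and monitored” option above is easy to state and rarely illustrated. The following is an added example, not code from the article or from any vendor: it parses constructed call-detail records from a VoIP-to-E1/T1 gateway and flags outbound trunk calls from internal IP phones that fall outside working hours, go to a destination outside an allow-list, or run unusually long. The log format, the working-hours window, the allow-list and the duration threshold are all assumptions.

```python
# Added example: review outbound trunk calls in constructed gateway CDRs.
# Format (assumed): timestamp direction source destination seconds
from dataclasses import dataclass
from datetime import datetime

# Constructed sample records; numbers are from fictional/drama ranges.
SAMPLE_CDRS = """\
2006-05-03T09:15:02 OUT 2104 +442079460000 312
2006-05-03T12:40:11 IN  +442079460001 2210 95
2006-05-03T02:17:45 OUT 2305 +441632960123 1860
2006-05-03T14:05:30 OUT 2104 +14155550199 60
"""

WORK_HOURS = (7, 20)          # assumed: IP-phone calls expected 07:00-20:00
ALLOWED_PREFIXES = ("+44",)   # assumed allow-list: domestic numbers only
LONG_CALL_SECONDS = 1800      # assumed: 30 min is long enough to be an open mic

@dataclass
class Cdr:
    when: datetime
    direction: str
    source: str
    destination: str
    seconds: int

def parse_cdrs(text):
    """Parse whitespace-separated CDR lines; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue
        when, direction, src, dst, secs = fields
        records.append(Cdr(datetime.fromisoformat(when), direction, src, dst, int(secs)))
    return records

def flag_outbound(records):
    """Return (source, destination, reasons) for outbound trunk calls worth review."""
    findings = []
    for r in records:
        if r.direction != "OUT":
            continue                      # only calls leaving over the E1/T1 trunk
        reasons = []
        if not (WORK_HOURS[0] <= r.when.hour < WORK_HOURS[1]):
            reasons.append("outside working hours")
        if not r.destination.startswith(ALLOWED_PREFIXES):
            reasons.append("destination not on allow-list")
        if r.seconds >= LONG_CALL_SECONDS:
            reasons.append("unusually long call")
        if reasons:
            findings.append((r.source, r.destination, "; ".join(reasons)))
    return findings
```

Running `flag_outbound(parse_cdrs(SAMPLE_CDRS))` on the constructed data reports the 02:17 call from extension 2305 (out of hours and 31 minutes long) and the afternoon call from 2104 to a non-domestic number; the ordinary daytime call is not flagged.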

However, since such connections can be exploited by attackers who successfully breach the organisation’s outer defences, they should be minimised. Softphones – computers equipped with an application to allow them to make IP phone calls – create bridges between voice and data networks. For this reason, the US National Institute of Standards and Technology is among those that recommend they are not used whenever high standards of security and availability are required.

Installation issues

So what’s the solution? How do organisations reap the numerous benefits of VoIP without compromising their sensitive data and systems and the availability of their phone system? Whichever type of VoIP service is adopted, the first and most essential step is to ensure that it is correctly configured by qualified personnel with appropriate training and accreditation.
