VoIP Security

By | August 15, 2006

There’s no doubt that Voice over IP (VoIP) is the future of telephony. What started as a rather cumbersome way for budget-conscious enthusiasts to talk to each other using their computers has now developed into something of much greater significance – IP telephony, a new way of delivering fully-featured phone services that promises big cost savings and opens the way for a whole new range of multimedia communication services.

The new technology promises significant benefits. Organisations save by eliminating the need to operate separate voice and data networks to connect their employees and facilities, for example. They can also improve their efficiency and flexibility. IP phones aren’t constrained by the need for a dedicated line back to an exchange. This removes the ties between phone numbers and the phones themselves – numbers can instead be allocated to people and associated with whichever phone the user chooses to log in to, wherever on the corporate network that might be. This not only makes flexible working much easier, it creates new opportunities when it comes to the allocation of work to employees. Where IP telephony is used, anyone can log in to take calls to the call centre, for example – not just those in the call centre itself.

With benefits such as these, the fact that IP telephony has a great deal to offer is without doubt. But is it secure? And will it work as reliably as the phone networks we’ve been used to?

Given that IP telephony is delivered using the same underlying technologies as the internet and corporate intranets, such questions are inevitable – and fully justified. After all, computer systems have long been subject to attacks from hackers, spammers, fraudsters and others of malicious intent. And while firewalls, intrusion detection systems and antivirus/antispam software are an effective defence, they aren’t perfect. Some attacks will strike home, rendering computer systems useless or opening doors that thieves and fraudsters can exploit.

So what’s the position regarding IP telephony and the underlying technology, VoIP? What are their weaknesses and vulnerabilities? And how do you protect against them?

The security challenge

IP telephony is both the result and the victim of convergence. Made possible by the fusion of computing and communications technologies, it is a potential target for all the different kinds of attack that have faced computers and phone systems in the past. Thus far, attacks have been limited, but experts expect them to increase as IP telephony becomes more popular, more widespread and therefore a more tempting target – one that will become easier to exploit as the number of peer-to-peer connections between IP telephony systems increases.

Leave a Reply