Securing Voice Over IP Phone Systems

In the age of VoIP when data and voice packets travel along the same cyber highway, it is natural that the number security concerns is growing. With more information binance signals that can be intercepted, corrupted or accessed unlawfully, hackers have more loopholes than ever to exploit for fun, or personal gain.

Those managing IT departments with VoIP systems should therefore do well to ensure that vulnerabilities are patched to minimize threats and mitigate possible effects on data and voice flow should there be attacks. For VoIP, the two factors that must be considered in detail are:

As voice calls can be easily intercepted and accessed by other people other than the intended recipient using packet sniffer and other packet capturing techniques, it is necessary to encrypt the signal and voice packets on the sending end and decrypt them only when needed by the intended recipient.

Packets can be encrypted at the IP level so that these are unintelligible to anyone who intercepts the VoIP traffic, using the IPSec encryption algorithms and security protocols. Encryption can also be done at application level with VoIPSec (VoIP using IPSec) that prevents man-in-the-middle attacks, packet sniffing and voice traffic analysis. Fortunately, obstacles in using IPSec or VoIPSec like slow crypto-engine that degrades Quality of Service (QoS) can now be overcome by new developments, such as VoIP-aware crypto scheduler that relieves the encryption bottlenecks.

Today’s networks almost always include firewalls that block intrusive, invasive or malicious traffic that tries to access a LAN, WAN or even just a single computer. It’s the first line of defense against attacks, with all traffic not meeting the firewall’s requirements being blocked.

Firewalls are both blessing and curse for VoIP networks. Since a firewall filters all traffic, it causes a bottleneck that real-time applications like VoIP hate, as these cause latency (delay), jitter and packet loss that ultimately result in poor voice quality. But the alternative to leaving some ports open to allow VoIP traffic to pass through unfiltered would expose the system to possible attacks. On the other hand, VoIP networks can be configured to simplify and centralize security configurations at the firewall gateway instead of having these at each endpoint, dramatically reducing the burden.

Leave a comment

Your email address will not be published.