While VoIP is an IP-based application, just like pure “data” applications in the enterprise, several considerations make voice a particularly sensitive application from the network security point of view.
Application administration
Firstly, VoIP is a business-critical application. Just think about the damage that could be done if your corporate telephone network crashes: business grinds to a halt, your corporate image is impacted when customers can’t get through on the phone, and you may even be putting your employees at risk as the telephone is essential to calling for fire and ambulance services in case of accidents.
It is essential to clearly define how VoIP is deployed and used so as to apply the security policies which will eliminate risk.
Service uptime
VoIP is a real-time application, particularly sensitive to degraded quality and denial of service attacks. For example, voice can quickly become difficult or even impossible to follow if only very slight delays occur on the line, delays which would have practically no impact on a traditional data application.
Such delays may be the result of bandwidth overload on traditional networks, or of electromagnetic interference on wireless networks, which is more difficult to detect.
Information confidentiality
The confidentiality of information carried in VoIP telephone discussions is one of the key security problems that needs to be addressed. Generally based on the UDP transport-layer protocol, VoIP traffic is easily intercepted and calls can easily be “tapped”, invisibly, by third parties. But another threat is the use of popular communications tools such as Skype, Google Talk, and similar software utilities downloaded and installed by end users who are in the habit of using them on their home PC.
These work by building peer-to-peer networks based on proprietary transport and security protocols, bypassing corporate firewalls by encapsulating their proprietary protocols in standard web connections. Data (not just voice) is easily transferred into and out of the enterprise, completely bypassing enterprise security policies.
Voice/Data Convergence
VoIP is part of the phenomenon known as “convergence”, bringing voice and data together on the same network.
Convergence is the answer to the need for the enterprise to reduce costs – with voice and data running on converged networks, capital expenditure and operational expenditure can be rationalized. Convergence will not happen overnight; it’s a gradual process, and migration to VoIP will take time.
Information security solutions need to be designed for VoIP, and need to adapt continuously to this ongoing process of migration. A particular need is to ensure consistency of telephony security policies across both heritage TDM telephony and VoIP deployments, which will typically be required to coexist for some time.


