Deploying a full VoIP security solution requires combining, in a coherent manner, classical techniques for IP network protection with technologies specific to the special requirements of VoIP.
1. Protect protocols, end point devices, and servers
VoIP, as an IP-based application, is vulnerable to the same threats as traditional IP applications, including at the level of the network protocols, on client systems, on servers, and in the operating systems (which run softphone and IP phone applications). VoIP protocols need to be filtered to ensure they respect standards and corporate security policies. In particular, VoIP depends on two separate protocols (signaling and media); the security solution needs to be capable of correlating one with the other.
2. Traffic Management, Prioritization, and QoS
VoIP is highly dependent on quality of service. Voice traffic needs to be prioritised using QoS mechanisms to ensure packets are not delayed, and bandwidth reservation must be used to ensure sufficient bandwidth is always available for voice traffic. Finally, redundancy in network design and device deployment ensures services can be delivered even when network hardware has failed.
All of this is protected by restrictive security policies. For example, to protect against channel hijacking, media channels are opened as late as possible and closed as fast as possible following signaling channel connection negotiations.
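The signaling/media correlation from section 1 and the late-open, fast-close rule above can be sketched as a pinhole table driven by SIP messages; this is an added example, not Arkoon's code or product behaviour. It assumes SIP with SDP over IPv4 and one audio stream per call; the class and helper names, addresses and messages are constructed, and RTCP, re-INVITE and early media are left out.

```python
import re

def parse_sdp(body):
    """Return the (ip, port) of the audio stream described in an SDP body, or None."""
    c = re.search(r"^c=IN IP4 (\S+)", body, re.M)
    m = re.search(r"^m=audio (\d+) RTP/AVP", body, re.M)
    return (c.group(1), int(m.group(1))) if c and m else None

class PinholeTable:
    """Hypothetical media pinhole state kept by a filter that watches SIP signaling."""
    def __init__(self):
        self.offers = {}  # Call-ID -> endpoint offered in INVITE (nothing open yet)
        self.open = {}    # Call-ID -> set of endpoints allowed to receive RTP

    def on_sip(self, msg):
        head, _, body = msg.partition("\r\n\r\n")
        lines = head.split("\r\n")
        hdrs = {k.strip().lower(): v.strip()
                for k, _, v in (l.partition(":") for l in lines[1:])}
        call_id, start, media = hdrs.get("call-id"), lines[0], parse_sdp(body)
        is_invite_txn = hdrs.get("cseq", "").split()[-1:] == ["INVITE"]
        if start.startswith("INVITE ") and media:
            self.offers[call_id] = media           # remember the offer, open nothing
        elif (start.startswith("SIP/2.0 200") and is_invite_txn
              and media and call_id in self.offers):
            # Open as late as possible: only once the answer completes negotiation.
            self.open[call_id] = {self.offers.pop(call_id), media}
        elif start.startswith(("BYE ", "CANCEL ")):
            self.offers.pop(call_id, None)         # close as soon as the call ends
            self.open.pop(call_id, None)

    def allow_rtp(self, dst_ip, dst_port):
        """True only if the destination was negotiated by a currently active call."""
        return any((dst_ip, dst_port) in eps for eps in self.open.values())

def sip(start, cseq, media=None):  # builds a constructed, minimal SIP message
    body = f"v=0\r\nc=IN IP4 {media[0]}\r\nm=audio {media[1]} RTP/AVP 0\r\n" if media else ""
    return f"{start}\r\nCall-ID: c1@example.test\r\nCSeq: {cseq}\r\n\r\n{body}"

def demo():
    t, ep = PinholeTable(), ("192.0.2.10", 40000)
    t.on_sip(sip("INVITE sip:bob@example.test SIP/2.0", "1 INVITE", ep))
    offered = t.allow_rtp(*ep)                     # offer seen, media still blocked
    t.on_sip(sip("SIP/2.0 200 OK", "1 INVITE", ("198.51.100.20", 50000)))
    answered = t.allow_rtp(*ep)                    # negotiated endpoint now allowed
    stray = t.allow_rtp("198.51.100.20", 50002)    # port never negotiated
    t.on_sip(sip("BYE sip:bob@example.test SIP/2.0", "2 BYE"))
    return [offered, answered, stray, t.allow_rtp(*ep)]

if __name__ == "__main__":
    print(demo())
```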
3. Synchronization of IP security policy and telephony security policy
Because convergence is still an ongoing process, the VoIP security policy needs to be coherent with pre-existing telephony security policies. For example, where policy blocked access to premium rate numbers, the same policy must be applied to VoIP terminals. Arkoon’s FireConverge® technology allows for the synchronization of VoIP and classic TDM telephony security policy.


