Voice over IP (VoIP), the use of the packet switched internet for telephony, has grown substantially in the past ten years. Securing VoIP has many challenges that do not exist in the public switched telephone network (PSTN), a circuit switched system. VoIP is an application running on the internet, and therefore inherits the internet’s security issues. It is important to realize that VoIP is a relatively young technology, and with any new technology, security typically improves with maturation. This paper identifies the top ten security issues commonly found in a corporate VoIP implementation, the methods to combat them, and security issues not fully addressed by the industry.
VoIP leverages the internet as an infrastructure for voice communications. Data packets carry voice in the same manner as general internet traffic. This configuration is more efficient than the PSTN network. VoIP can use one shared broadband circuit for many packet switched services; data, voice, and even video teleconferencing. Within an office environment, VoIP implementations often converge with the existing data network. While this consolidation reduces costs, it also places greater performance and security demands on the network switches. One cabling infrastructure, and one set of switches, manages network connectivity for both voice and data services. Some networks further collapse services such as wireless and video teleconferencing into the switch stack.
Routing traffic over the internet is inherently less secure than placing a call over traditional circuit switched networks. The internet is a dangerous place, and packet sniffers can grab unencrypted traffic. Some solutions utilize virtual private network (VPN) tunnels to connect a remote phone to the corporate office phone system. With two limitations, this solution works well. VPN’s can take some time to setup, so prior to placing or receiving phone calls, the VPN connection would need to be up and running. This process can...
Please join StudyMode to read the full document