Is VOIP Secure?
Voice over IP is no longer tomorrow’s technology.
High-speed networks that integrate quality-of-service technology have come a long way in mitigating performance and availability issues. VoIP is short for Voice over Internet Protocol.
Is Voice over IP secure?
What about security? If your network is robust enough, securing Voice over IP is manageable. You’re feeling pretty good about VoIP running over your private network. Corporate intranets are a closed system, and any breaches of security must come from within.
But what about letting VoIP out into the world? How does the security of Internet VoIP compare with your current phone system?
Network connections to the outside world open your servers to access from unfriendly and unknown people.
Unlike traditional telephone numbers, there’s very little centralized control over the use of IP addresses.
This anonymity creates a fertile environment for address spoofing, which enables distributed denial-of-service (DDoS) attacks and other network compromises that could bring down your call-processing capabilities.
By definition, VoIP is vulnerable to all of the intrinsic security problems in IP.
When you conduct business on the Internet, you’re turning control of your data and/or voice transmission to other people’s networks–and some of those networks are more secure than others.
When it comes to outside communications with VoIP, weigh the potential cost savings and efficiencies gained by converging technologies against the risk.
If you’re already transmitting and receiving sensitive data over the Internet, you’ve gone to considerable lengths to protect that data.
This is almost surely more sensitive than your voice traffic and no less vulnerable to attack.
These safeguards can be leveraged to help secure VoIP over the Internet.
What About Packet Sniffing?
The first step in sniffing a conversation is to gain physical access to the packets.
This means having access to the switches and/or the corporate backbone network.
But those same switches carry critical corporate data, which is far more sensitive than your conversations. If you’ve secured data against sniffing, you’ve secured voice.
If you haven’t protected your data, voice packet sniffing isn’t your most serious security problem.
But let’s say an intruder gains physical access, despite your best efforts. If it’s a traditional phone line, he’s practically listening already.
But if you’re using VoIP, he really has his work cut out for him.
First, consider what it takes to tap a traditional phone line.
If the conversation is still in analog format, the intruder simply taps onto the line using a “butt set” and starts listening.
Compare that with pulling a conversation out of an IP transmission. Voice packets are buried deep inside a sophisticated protocol stack.
So, Is VoIP Secure?
It’s a lot easier to listen to a conversation over a cubicle wall than it is to tap a VoIP call.
Before you get excited about encoding all your IP telephony with IPSec, take some simple precautions like telling the sales force not to discuss key negotiations on their cellphones in a crowded airport.
And lock the doors to the equipment rooms!
If you’re planning to deploy VoIP, you’ll need to take some steps to make the data network more secure, especially if you haven’t performed an overall security audit recently.
But the bottom line remains that for most corporations, we’re already crossing the threshold where there’s a higher level of security needed for data applications than for phone conversations.
The odds are that you actually could improve your level of telephony security as compared with traditional telephony simply by piggybacking your voice onto the more secure data network.
There’s even a question as to how secure VoIP should be. For instance, there are legitimate concerns from the law enforcement community about whether advanced voice networks are “too secure” for court-sanctioned wiretapping.
VoIP is probably as secure as traditional telephony and a lot more secure in most cases than your cellphone.
Balance sufficient security against risks and benefits. If the effort of required to obtain the information in a VoIP call is greater than the intrinsic value of the information, VoIP could be considered “secure enough.”