Voice over IP (VoIP) is a hot topic at the moment but recent analyst reports point to an "alarming lack of protective security measures" in implementions and claim the technology leaves enterprises open to privacy violation, fraud and malicious attacks (Meta Group: Voice over IP Solutions Can Put Corporate Data 'on Speakerphone'). I agree. Security is paramount when implementing VoIP but not all solutions are created equal.
But the truth is the bottom-line benefits of VoIP are far too great to let these issues keep you on the fence. In reality, VoIP security is not as complicated or as difficult as some vendors would have you think.
Typically, most vendors think of security after the fact. In other words, they build their solution first, then think about how to make it secure. This is the wrong way to build a secure communications system. To be effective, security should be an integral part of the solution from day one. To ensure you get top-notch security from a VoIP system, you should be certain the products you are evaluating can offer voice encryption using the 128-bit AES standard. This standard provides a level of security that is almost impossible to breach. When voice streams are encrypted with the AES standard, network sniffers cannot be used to decode the traffic. It doesn't matter how good an encryption system is if people can't (or won't) use it.
Security code keys should appear on the telephone's display. Under this scenario, one caller reads the encryption key to the other caller. If the code keys match, the callers are secure in the knowledge there has been no "man-in-the-middle" attack. It also requires a stable operating system.
A robust telephone system is a mission-critical component of any successful business. Some telephony systems run on operating systems that are not only vulnerable to hacker and virus attacks, but are prone to crashes and constant reboots. Those systems based on real time Linux are much more secure and robust. Lock down all unused ports on the system and make sure firewalls and VPNs are built into the box.
The best VoIP systems build these features in.
Password protected logins may seem like a "no brainer", but some systems don't have them. Another important factor is authentication. The best VoIP systems authenticate all devices on the telephony network.
Tony Warhurst, manager, Zultys Australia.