Voice over IP (VoIP) has become very popular. The main reason for the success of VoIP is lower costs for telephone calls but VoIP offers several other advantages over the old PSTN based telephone lines. With the increased use of VoIP, security has become much more important. Here is an overview of common VoIP security issues.
VoIP is taking over from the traditional PSTN, packet-switched telephone network, phone services. Not only does VoIP cut costs but it also offers additional features compared with the old telephone lines. Typically, features such as voicemail and teleconferencing are included. VoIP telephones can be either a softphone, which is software running on a computer, or a normal telephone which is connected to an IP network rather than the traditional phone network. Softphones are very handy for professional who are often on the road. VoIP allows them to use their laptop as a phone. This makes it possible to work from home or from any place with a fast and reliable Internet connection.
Of course, VoIP also have some disadvantages. First, a fast and reliable Internet connection is necessary. This is nowadays seldom a real problem. But the quality of service is a potential problem, regardless of what kind of local Internet connection is being used. In the old PSTN networks, once a connection had been set up, the quality of the service was guaranteed. Even if some hiccups happened once in a while, the service was reliable. Standard VoIP does not guarantee anything, it works on a best effort basis. Packets could be lost or received out of order. Thus, VoIP calls may suffer from jitter and significant latency.
But security may be the most serious problem with VoIP. While eavesdropping on PSTN telephone lines required wire-tapping, which required access to the physical telephone line, VoIP calls can potentially be relatively easy to record.
One problem is that VoIP communication is by default not encrypted. There is no protection against unauthorized access of the communication. This is a major problem for many organizations. Not only is it possible to eavesdrop, a sophisticated attacker could even alter the packets. A number of solutions have been developed. Unfortunately, most of the solutions require that everyone is using the same product.
Since VoIP is still a relatively new technology, a number of security issues still need to be solved. One company had increased its profits by illegally routing VoIP traffic through their network and charging the clients for the traffic. The fraudsters were not interested in eavesdropping on the traffic, they just made sure that the packets got directed into their network so they could charge for the traffic.
In many ways, securing VoIP networks is not much different from securing standard data networks. Physical access to the network equipment and cabling must be limited. For firewalls, VoIP creates a couple of new challenges. The main problem is that traditional scanning of the packets takes too long time. But newer firewalls are VoIP aware and generally handle VoIP traffic without causing any major hiccups.
In order to keep up with security issues, VoIP telephones need to be patched regularly. This can be a problem in organizations that have given the administration of the VoIP telephones to the same staff that used to manage the traditional phones. In some cases, the default update procedure for VoIP telephones is not secure.
The security of VoIP is also dependent on the overall network security. If the network security is weak, VoIP will be vulnerable as well. Additionally, the security of softphones is dependent on the security of the operating system of the computer. It is also worth noting that VoIP is vulnerable to denial-of-service attacks. A successful DOS attack may take down an organization’s complete telephone service.
Another potential problem is SPIT, spam over IP telephony. It is easy for sophisticated spammers to send out unsolicited messages to VoIP telephones. This could also be used for DOS attacks. Fortunately, firewalls can be used to control SPIT. But it is still too early to say how large problem SPIT will become for VoIP users.