How Secure Are Your VoIP Calls?

Updated: January 02, 2007

Sure, VoIP can be fast, cheap and efficient if you can manage the extra demands on your network—but is it secure?

Only as secure as the rest of your IT network. Unlike with the regular landline phone calls, it can be relatively easy to eavesdrop on VoIP calls, redirect them to other parties, or just engage in old-school scams by posing as a creditor or other fraudulent money-seeker. In addition, outsiders can hack into corporate networks and call from, say, New York to Japan on the company's dime. But if your existing IT system is secured, your VoIP system should follow.

There are potential problems with VoIP, but the major ones are much like the problems companies have with telecom today, says Jonathan Zar, secretary and outreach chair for the Voice over IP Security Alliance (VOIPSA) and managing director of Pingalo, Inc. "The biggest issues that we see, and what law enforcement sees, are around fraud and theft. While the other issues like [VoIP] spam are likely to become enforcement problems, the biggest concern for businesspeople should be protection against fraud and theft in all their various forms.

"Some of the most valuable information is exchanged through real-time communications: stock trades, confidential medical discussions and so on. ... The last thing you want is to have some competitors or worse, some criminal, have access to your data."

What to Do About It

Dan York, director of IP technology at Mitel Corp . and VOIPSA's best practices chair, says that compared with consumer VoIP, commercial enterprise VoIP systems are generally pretty secure.

"The enterprise stuff you'd have from Nortel , Alcatel , all the ‘Tels, they generally have secure solutions today, so when you put voice and call control out over the LAN, it has the potential to all be encrypted right off the bat.

"The message in enterprise VoIP is it's all secured, or can be. It's a question to ask your vendor: ‘What do you do to secure things on your LAN?'"

Mark Collier at the blog VoIP Lowdown recommends physical measures like having separate VLANs for voice and data, which allows your business to prioritize voice over data and monitor voice traffic more closely for fraud and eavesdropping. He emphasizes non-physical measures even more, such as firewalls, encryption , digital security certificates, intrusion-detection systems and other software-based measures that are already standard in the world of data security.

Jonathan Zar of Pingalo and VOIPSA recommends that CEOs and CIOs ask themselves a few questions about their overall communications picture. "Do we appreciate across the team the importance of protecting our phone conversations as well as your physical assets and documents? Are we taking all the steps required to protect ourselves from fraud and theft? Could we assure our investors, suppliers, customers, and any regulators in our industry, that we have done our best to protect all our communications?"

Dan York of Mitel and VOIPSA cites five specific factors CEOs should look at:

  • Protecting the voice stream from eavesdropping, a particular worry for financial institutions
  • Ensuring call control—that messages get from Point A to Point B without being modified
  • Securing and authenticating Web interfaces and APIs that monitor traffic
  • Monitoring connections with the legacy landline phone system against toll fraud and other unauthorized use
  • Securing the underlying TCP/IP network against attacks. The more attacks you deal with, the more phone conversation degrades.


Jonathan Zar sees any security problems stemming from VoIP as manageable and worthwhile, considering the opportunity involved.

"You don't reject the opportunity because of the risk; you act to maximize the benefit and minimize the risk."

Featured Research
  • How VoIP is Transforming the Healthcare Industry

    The healthcare industry, like many industries, is in the midst of an era of rising costs and an ever increasing pressure to drive down expenses. Now, what if we were to tell you that there was a simple solution to these problems? The answer is VoIP. And to make it sweeter, it allows for your hospital staff to utilize modern mobile devices as resources instead of antiquated phone systems. more

  • [Infographic] 8 Common Pain Points UC Eliminates

    Every company has moments of frustration, it is when these moments become extended periods of inefficiency, or pain points, where we start to see loss in productivity and employee morale. What truly sets a successful business apart from those of its competitors, is how they take these pain points and use them as opportunities to improve upon procedures and systems to eliminate pain points and move beyond what was the status quo. more

  • Go VoIP and Go Green

    You may be looking to switch to VoIP because of the cost benefits that it will bring your company, but did you know that it is also FAR BETTER than traditional phone systems for the environment as well? With environmental impact being at the forefront of both consumer and business minds, it is essential that business decisions are made now based on economic AND ecological impact. more

  • eGuide: Comparing UC Vendors

    Changing your company’s business communications solution is an investment in time and money that will touch everyone in your organization. A successful unified communications (UC) deployment should streamline everyone’s work flow, simplify IT operations and deliver a lowered total cost of operations. Your company deserves nothing less. more

  • Getting More from Your VoIP System

    Too many businesses fall into the trap of setting up their VoIP as a "plug and play" and getting to work. However, we have found that this thinking only leads to businesses failing to get the most out of their VoIP experience. We have put together an in-depth guide that will walk you through 15 easy steps to get more out of your system. more