How Secure Are Your VoIP Calls?

Updated: January 02, 2007

Sure, VoIP can be fast, cheap and efficient if you can manage the extra demands on your network—but is it secure?

Only as secure as the rest of your IT network. Unlike with the regular landline phone calls, it can be relatively easy to eavesdrop on VoIP calls, redirect them to other parties, or just engage in old-school scams by posing as a creditor or other fraudulent money-seeker. In addition, outsiders can hack into corporate networks and call from, say, New York to Japan on the company's dime. But if your existing IT system is secured, your VoIP system should follow.

There are potential problems with VoIP, but the major ones are much like the problems companies have with telecom today, says Jonathan Zar, secretary and outreach chair for the Voice over IP Security Alliance (VOIPSA) and managing director of Pingalo, Inc. "The biggest issues that we see, and what law enforcement sees, are around fraud and theft. While the other issues like [VoIP] spam are likely to become enforcement problems, the biggest concern for businesspeople should be protection against fraud and theft in all their various forms.

"Some of the most valuable information is exchanged through real-time communications: stock trades, confidential medical discussions and so on. ... The last thing you want is to have some competitors or worse, some criminal, have access to your data."

What to Do About It

Dan York, director of IP technology at Mitel Corp . and VOIPSA's best practices chair, says that compared with consumer VoIP, commercial enterprise VoIP systems are generally pretty secure.

"The enterprise stuff you'd have from Nortel , Alcatel , all the ‘Tels, they generally have secure solutions today, so when you put voice and call control out over the LAN, it has the potential to all be encrypted right off the bat.

"The message in enterprise VoIP is it's all secured, or can be. It's a question to ask your vendor: ‘What do you do to secure things on your LAN?'"

Mark Collier at the blog VoIP Lowdown recommends physical measures like having separate VLANs for voice and data, which allows your business to prioritize voice over data and monitor voice traffic more closely for fraud and eavesdropping. He emphasizes non-physical measures even more, such as firewalls, encryption , digital security certificates, intrusion-detection systems and other software-based measures that are already standard in the world of data security.

Jonathan Zar of Pingalo and VOIPSA recommends that CEOs and CIOs ask themselves a few questions about their overall communications picture. "Do we appreciate across the team the importance of protecting our phone conversations as well as your physical assets and documents? Are we taking all the steps required to protect ourselves from fraud and theft? Could we assure our investors, suppliers, customers, and any regulators in our industry, that we have done our best to protect all our communications?"

Dan York of Mitel and VOIPSA cites five specific factors CEOs should look at:

  • Protecting the voice stream from eavesdropping, a particular worry for financial institutions
  • Ensuring call control—that messages get from Point A to Point B without being modified
  • Securing and authenticating Web interfaces and APIs that monitor traffic
  • Monitoring connections with the legacy landline phone system against toll fraud and other unauthorized use
  • Securing the underlying TCP/IP network against attacks. The more attacks you deal with, the more phone conversation degrades.


Jonathan Zar sees any security problems stemming from VoIP as manageable and worthwhile, considering the opportunity involved.

"You don't reject the opportunity because of the risk; you act to maximize the benefit and minimize the risk."

Featured Research
  • Business Phone System Buyer's Guide

    Communication has been a focal point in business since inception, but the industry is changing drastically in how people connect to one another and what tools and systems they use to do so. Less than 15 years ago, 90% of people relied on landline phone systems for communication. Today, less than 60% of Americans even have a landline and 40% rely solely on their mobile phone. more

  • Ditch Your Fax Servers

    An in-house fax server gives an IT department centralized management and monitoring over the entire enterprise's faxing. This can help your company track usage and better maintain records for auditing and record keeping. However, there are serious drawbacks that come with utilizing an in-house fax server solution and these range from security to cost-prohibitive pricing. more

  • The IT Manager's Survival Guide

    As an IT manager, maintaining physical fax servers and infrastructure is not a high priority. However, fax capability remains a business need simply because chances are your industry is dependent on its security. What if there was a way to reduce the amount of time spent handling fax complaints and maintaining physical servers? And this way took into account security, cost savings, and freed up your IT resources. Would you be interested? more

  • The Top 10 Reasons Companies Continue to Fax in 2017

    Even though many won't admit it in public, many industries still rely heavily on sending faxes in one way or another. And believe it or not, fax usage is, in fact, going up and not down. Don't believe us? In a recent study, 82% of respondents stated that fax usage increased over the past year while only 19% stated that their fax usage went down. more

  • Top 11 VoIP Myths Busted

    VoIP is one of the fastest growing business communication technologies, with many saying that it will grow at a rate of 10% year over year for the foreseeable future. As with any new technology, there are many myths floating about that claim to answer the questions that surround how the new service works. more