VoIP and Security: What’s the Bottom Line?

By Gene Teglovic
Updated: January 31, 2011

If you are considering a Voice over Internet Protocol (VoIP) solution for your company, you may have some questions regarding VoIP security. VoIP technology faces many of the same vulnerabilities as other Internet traffic, and a few unique ones.

Many consumer VoIP products and solutions do not address security concerns as a high priority. VoIP service providers, however, realize how critical security is to their customers. While their products have vulnerabilities, as do all technology products, business class service providers deal with the security issue much better than freeware or low cost VoIP consumer product vendors do.

Go with a reputable VoIP service provider. Implementing a do-it-yourself, low-cost VoIP solution is asking for security headaches.

Common Security Threats and Mitigation Technologies

Most threats to VoIP solutions are a result of hackers gaining access to a business’s VoIP administration system, usually by finding holes in management software or gateways, to commit crimes such as:

  1. Toll fraud (a.k.a. “Phreaking”): Making or reselling calls on a large scale, sometimes resulting in millions of dollars of erroneous charges to businesses.
  2. Eavesdropping on calls to steal information such as passwords, phone numbers, voicemail messages, and other company data.
  3. Vishing (a.k.a. VoIP phishing): Impersonators leaving voicemails pretending to be a trusted source in attempts to get confidential information.
  4. SPIT (Spamming over Internet Telephony): Similar to email spamming, expect the hacker spams voicemails. This clogs up the system, leaving it more vulnerable to a hacker attack, and can contain malware.
  5. Call tampering: Intercepting phone calls in progress to insert noise packets, stop packets to inject silence, or masquerade as one of the parties.
  6. Viruses and other malware, in smart phones and system administrative software.
  7. Denial of Service (DoS) attacks.

While the list of threats may sound ominous, the cat is usually ahead of the mouse, and many technologies exist to combat these threats.

Firewalls, authentication, and encryption technologies are continually being enhanced to bring VoIP into their folds. VoIP service providers integrate this technology into their hardware and software products, and work quickly to plug holes in their security software.

What Can You Do?

First, understand how your prospective service provider protects VoIP calls. When you discuss and negotiate terms of service, ask questions such as:

  1. What firewalls do you have implemented in your gateways and other equipment that will be connected to my company’s network, phones, and computers?
  2. What assistance will you provide in configuring the firewalls so they remain secure?
  3. What authentication methods do you use for packets traveling from and into my premise?
  4. What encryption methods are in place for transmission of my voice packets?
  5. What security issues have been identified in your VoIP administration software? When and how are they being addressed? How will you help us ensure that we always get the latest security upgrades and patches.

Next, understand that while much of the responsibility for VoIP security lies on the service provider’s shoulders, your business needs to do its part.

Create a security policy as part of your VoIP implementation plan, and engage your service provider as a partner. Ensure the policy addresses items such as access to your VoIP system’s administrative software, installing the latest security upgrades, mobile access, and vulnerability of weak links such as smart phones and gateway connections.

In summary, your VoIP service provider must do its part, and you must do yours. Understand the threats and the technologies to mitigate them. Keep your service provider responsible, do your homework, and implement your security policies with vigor.
 

Featured Research
  • 8 Ways to Get More From Your VoIP System

    Many businesses adopt VoIP to take advantage of the cost savings without spending enough time reviewing the features and benefits made available by different solutions. If this is true for your business, there’s a good chance you could be getting more from your VoIP system in the form of even lower costs or improved employee productivity. You may even find that your current software offers features that you aren’t taking advantage of! more

  • 7 Ways the Wrong Phone System Can Haunt Your Business

    The wrong phone system could be haunting your business - and we’re talking about problems more serious than ghosts and ghouls. From increased costs to issues with scaling, we’ve identified seven important ways that a less than ideal phone system could be holding you back. You’ll be surprised at how much of a difference this can make to your bottom line too. more

  • Ditch Your Fax Servers

    An in-house fax server gives an IT department centralized management and monitoring over the entire enterprise's faxing. This can help your company track usage and better maintain records for auditing and record keeping. However, there are serious drawbacks that come with utilizing an in-house fax server solution and these range from security to cost-prohibitive pricing. more

  • The IT Manager's Survival Guide

    As an IT manager, maintaining physical fax servers and infrastructure is not a high priority. However, fax capability remains a business need simply because chances are your industry is dependent on its security. What if there was a way to reduce the amount of time spent handling fax complaints and maintaining physical servers? And this way took into account security, cost savings, and freed up your IT resources. Would you be interested? more

  • VoIP: Your New Secret Weapon for a Strong Year End

    As the end of 2017 nears, you may be feeling pressure to make sure you close the year out strong.If you’ve been sitting on the fence regarding VoIP, this may be the perfect time to switch. VoIP options had never been better or more full-featured than they are now, and it may be just the thing your business needs to see a productivity and profitability boost. more