Waterloo, Ontario (PRWEB) June 28, 2011
VoIP (Voice over Internet Protocol) consists of voice traffic travelling across the internet. This could include anything from computer-to-computer calls to foundations for corporate private branch exchanges (PBX). Even if a VoIP system will only be used as an extension of copper (PSTN) network, there are a number of security issues that IT staff may need to address.
Here are some key factors users want to consider when using VoIP with a business:
Is someone able to listen in on your calls as they travel through the internet?
These packets travel along the internet, often unencrypted, to get from point A to point B. Because they travel along internet lines, rather than phone provider copper lines, they cost much less. However, in most cases this means they are also easier to intercept.
Some PBX and VoIP providers are focused on business class service, ensuring, amongst other things, that only the caller and the recipient hear the conversation.
To stay ahead of competition in a growing global economy, it can be devastating to have ideas, client information, or company information fall into the wrong hands. Corporate espionage agents are very aware of VoIP insecurities, making it one of the first places to focus on when seeking information from an organization.
Also, if sensitive information (a client's legal or health information, for example) is obtained by an attack on inadequately secured IT infrastructure, including VoIP, a company could be held liable.
Are you paying long distance charges for someone else?
VoIP gateways operate on the internet as the intermediary between a desk phone and other VoIP gateways. This gateway, if not secured correctly, can be exploited to make long distance calls.
Often phone providers in other countries will hack into these gateways. Once successful they can send thousands of calls through them before IT staff are even aware of it.
There have been countless stories of businesses that have received 6-digit charges on their phone bills because their VoIP gateway was hacked.
In addition, a hacked gateway is not accepted as an excuse from paying these charges - businesses are liable for the phone bill.
If an employee with the right tools has access to the voice network, they may be able to proxy all of the calls in the network through their computer. This wouldn't be apparent to the legitimate user and as a result the offender would be able to eavesdrop on any call in that office.
The intercepted call could yield sensitive client data or company information that the employee might release to the public, causing irreversible damage to an organization.
Organizations can have a security audit of a voice network with a number of IT experts to make sure they do not become a victim of VoIP security explosions.
Where does this leave VoIP?
There are a number of things organizations and businesses can do to ensure their VoIP traffic is secure. If set up correctly they can actually make VoIP traffic more secure than most cell phones or landline calls. Here are some things to discuss with IT staff when implementing a VoIP solution:
– VoIP is very easy to establish, however it is vitally important to do so properly. Make sure that the individual(s) who implemented your organization's VoIP system are experts in the field. If not, it is a worthwhile investment to seek a consultant.
– Whenever possible, separate voice traffic from data traffic, whether digitally (VLAN) or by creating a physically separate infrastructure. In addition to protecting voice traffic, this will ensure that the systems do not interfere with each other. They can also use an access control list so that only voice devices are on the voice network.
– If you have a VoIP upstream provider, make sure IT are utilizing all of their encryption options. If they not sure how vulnerable you are, seek a consultant and/or have your IT team do a packet capture in front of the internet connection to see what can be intercepted.