Sidebar: How Secure Is VoIP?

E-mail
Print
Comment

Apr 11, 2008,

VoIP-enabled telephone systems are becoming more widely accepted and utilized, with VoIP adoption expected to triple by 2010 among small organizations in North America, according to a study by Infonetics Research.

While VoIP technology is cheaper and more flexible because it uses the Internet for phone calls, these digital phone systems are susceptible to the same dangers as Web-linked computer networks.

Since VoIP is basically a telephone call over the Internet, the biggest threat to VoIP systems is denial-of-service (DoS) attacks, according to Gartner. These attacks can be especially problematic in the VoIP environment because the network congestion from DoS attacks can make conversations unintelligible. Capturing VoIP packets, or "eavesdropping," is another concern, although the threat isn't yet prevalent and is overhyped, according to Gartner. Signaling protocols, which establish communication sessions between two or more endpoints, also can expose VoIP phone systems to intruders.

The most important precaution to take with any VoIP-based phone system is protecting the Internet protocol PBX system with an internal firewall to stop DoS attacks, said Lawrence Orans, a research director at Gartner. VoIP traffic should run through a separate Internet connection using a virtual local area network that separates voice and data. This prevents an Internet-based data attack that could use the VoIP network to attack the primary network.

"If you look at high-level security, there's nothing mysterious about VoIP," Orans said. "The same components that can be attacked by converging information can be avoided with VoIP by many of the same best practices used with networks, such as firewalls and vulnerability management."

A 2005 report by the National Institute of Standards and Technology (NIST) urged caution when implementing VoIP technology because of security concerns. The report also recommends that organizations build separate voice and data networks.

Yet many security measures implemented in traditional data networks are currently inapplicable to VoIP since it has a low tolerance for disruption and packet loss, the report said. NIST recommended that firewalls, intrusion detection systems and other security components be customized for VoIP.

Organizations should also avoid buying inexpensive VoIP systems that can be installed on standard desktops, since these systems tend to be insecure. NIST recommends strong authentication and access control on the voice gateway system and using "stateful" packet filters that can track the state of connections, and "deny" packets that are not part of a properly originated call.

If You Liked This Article, You May Also Like...

VoIP Cuts Telecom Costs for California Insurance Department

Latest Government Technology News

Colorado Executive Branch Saves Money With Cell-Phone Consolidation - Dec 2
Obama Names Napolitano as Homeland Security Secretary - Dec 1
Technology Helps Arkansas Fight Meth Manufacturers - Dec 1
Broadband Gap Narrows Among EU Countries - Dec 1
Study: Open Source and Next Generation of Enterprise IT - Dec 1

Industry Solutions for Government

Read real world deployments of technology in government from our sponsors.

View All Industry Solutions

Marketplace

This section
brought to you by:

Identity and Access Management Survey

Take the survey to:

Win 1 of 10 $25 Amazon Gift Cards!
Download the Center for Digital Government's: I Am Who I Say I Am whitepaper

Take the Survey Now!

SF Health Plan

Yes! I would like more information about CA's solutions for Government.

Security Management

The Evolution of Identity and Access Management IAM has become a key tool in the organization’s security and risk management efforts. Many Govt. organizations however, are not realizing the potential of a fully evolved IAM solution. This paper helps them achieve that goal.

How can a comprehensive IAM solution help me reduce security risk and achieve easier compliance? Identity and Access Management (IAM) solutions help you manage users and their access to your IT resources while acheving more effective compliance.

IT Governance

IT Governance: Making the Difference in Cities, Counties and States Project and portfolio management helps government respond to old and new challenges. Featuring case studies from California Department of Agriculture, New York City, and Oakland County, Michigan.

CA Information Governance Solution Brief The CA Information Governance solution helps you solve an array of challenges with unique offerings including federated records management, email management, retention management and business process automation.

Enterprise Management

IT Network Management: State and Local Governments Face New Challenges Network and voice management tools help agancies get optimum performance from today's increasingly complex networks.

Success Stories: San Francisco Health Plan San Francisco Health Plan helps more people access affordable healthcare by simplifying IT management

Success Stories: Social Services Agency, County of Santa Clara County of Santa Clara improves the quality of social services with simplified IT management

CA Network & Voice Management Solution Brief Integrated, fault and performance management for end-to-end service assurance of multi-vendor, multi-technology converged networks.

Risk Compliance and Best Practices

Key Trends in the IAM Market and how CA's R12 Suite Addresses these Trends Identity and Access Management (IAM) has been a major force in the enterprise IT marketplace for years now.This paper will address the question: What's driving interest in IAM solutions?

Network and VoiceManagement for Evolving Business IT management specialist CA provides a foundation for delivering the value of unified network and voice management

A Vision for Dynamic Business Service Management By applying new levels of consolidation, automation and insight, dynamic Business Svc Mgt delivers improved service levels and cost controls

Deploying the CMDB for Change & Configuration Management The Configuration Management Database (CMDB) plays a critical role within the ITIL framework.

The Changing Face of Network Management Automated NCCM tools reduce the downtime and degradation caused by configuration changes.

Magazines: Magazine Sites, Government Technology, Digital Communities, Public CIO, Emergency Management, Texas Technology, Email Newsletters, Advertise

Resources: Site Map, Search, Events,
Video, Government Articles, Slide Shows, Case Studies, Privacy Policy, News Feeds (RSS), MyGT

Top 10 News Topics: CIO/CTO, Economic Development, Emergency Management, Funding, Geospatial, Green Initiatives, Health Services, Policy/Management, Public Safety/Justice, Security, All Government News

Site owned by e.Republic, Inc., the nation's leading publishing, research, event, and new media company focused on information technology for the state/local government and education markets. Copyright © 1995-2008. All rights reserved. eRepublic, Inc.

Government Technology Magazine

Government Technology Magazine provides information technology (IT) case studies, applications, news and best practices for state, city and county government.

Get FREE Subscription

Emergency Management Magazine

Emergency Management Magazine provides technology news and solutions to the local government authorities that help protect our communities.

Get FREE Subscription

Public CIO Magazine

Public CIO Magazine provides technology news and solutions to public sector C-level technology executives.

Get FREE Subscription

Digital Communities Magazine

Digital Communities Magazine is the premier information source for cities, counties and regions to explore and share experiences and best practices beyond just infrastructure and mobile innovations.

Get FREE Subscription