Government Technology
Government Technology: State & Local Government News Articles

Sidebar: How Secure Is VoIP?

Bookmark and Share
Comment
You May Also Like

Apr 11, 2008,

VoIP-enabled telephone systems are becoming more widely accepted and utilized, with VoIP adoption expected to triple by 2010 among small organizations in North America, according to a study by Infonetics Research.

While VoIP technology is cheaper and more flexible because it uses the Internet for phone calls, these digital phone systems are susceptible to the same dangers as Web-linked computer networks.

Since VoIP is basically a telephone call over the Internet, the biggest threat to VoIP systems is denial-of-service (DoS) attacks, according to Gartner. These attacks can be especially problematic in the VoIP environment because the network congestion from DoS attacks can make conversations unintelligible. Capturing VoIP packets, or "eavesdropping," is another concern, although the threat isn't yet prevalent and is overhyped, according to Gartner. Signaling protocols, which establish communication sessions between two or more endpoints, also can expose VoIP phone systems to intruders.

The most important precaution to take with any VoIP-based phone system is protecting the Internet protocol PBX system with an internal firewall to stop DoS attacks, said Lawrence Orans, a research director at Gartner. VoIP traffic should run through a separate Internet connection using a virtual local area network that separates voice and data. This prevents an Internet-based data attack that could use the VoIP network to attack the primary network.

"If you look at high-level security, there's nothing mysterious about VoIP," Orans said. "The same components that can be attacked by converging information can be avoided with VoIP by many of the same best practices used with networks, such as firewalls and vulnerability management."

A 2005 report by the National Institute of Standards and Technology (NIST) urged caution when implementing VoIP technology because of security concerns. The report also recommends that organizations build separate voice and data networks.

Yet many security measures implemented in traditional data networks are currently inapplicable to VoIP since it has a low tolerance for disruption and packet loss, the report said. NIST recommended that firewalls, intrusion detection systems and other security components be customized for VoIP.

Organizations should also avoid buying inexpensive VoIP systems that can be installed on standard desktops, since these systems tend to be insecure. NIST recommends strong authentication and access control on the voice gateway system and using "stateful" packet filters that can track the state of connections, and "deny" packets that are not part of a properly originated call.

 



Latest Government Technology News


Industry Solutions for Government

Read real world deployments of technology in government from our sponsors.

View All Industry Solutions

Related Products and Services

Marketplace


Get Public CIO's Bi-Weekly Newsletter
This section
brought to you by:

CA RC Q1 2010 Resource Center

Take our Identity
Lifecycle Management (ILM) Survey

Can your organization keep pace with its growing demands while enforcing security controls?

Take Survey Now!

Mainframe

White Paper: The Mainframe Opportunity IT Strategies For Achieving Breakthrough Value

Forrester conducted interviews with CIOs/CTOs of mainframe users in the US and Europe to better understand their strategies in the use of the mainframe.

Strategy Paper: CA's Mainframe 2.0 Strategy Roadmap

Fully capitalize on the potential value offered by the mainframe as the availability of mainframe professionals becomes increasingly constrained.

MF 2.0 Product Brochure

Mainframe 2.0 is CA’s new and far-reaching initiative that is changing the way the mainframe is managed forever.


Cybersecurity

IDC White Paper - Identity Lifecycle Management: Bringing Together Security, Identity and Compliance

Read this to learn about the technology and best practices needed to manage your identities throughout their lifecycle.

I Am Who I Say I Am

This paper discusses the drivers, responses and challenges associated with information security in Government.

Simplify and Secure: Managing User Identities Throughout their Lifecycles

Find solutions that simplify, automate and secure the activities for creating and modifying user identities and roles throughout the organization.

Virtualization / Cloud Computing

White Paper: Integrated Infrastructure and Performance Management for Virtualized Environments

Government agencies use virtualized environments to decrease costs, consolidate data centers and reduce environmental impacts.

CA Virtualization Management

CA Virtualization Management solutions provide integrated end-to-end management, automation and security which drive better outcomes.

Working Together to Maximize Business Value of Your IT Investments

VMware and CA have responded to your requirements by forging a solid partnership focused on your enterprise's needs.

Project and Portfolio Management

A Life Cycle Approach to Grants Management

Using project management at every stage of grant administration can maximize funds now and for the future.

A Platform for the New Transparency: Meeting the Challenge of ARRA Grants Management in State and Local Government

The sheer size of ARRA and new grant opportunities has had a tremendous impact on the workload of grants management staff. But the size of the program is only part of the story.

Success Stories: IT Governance: Making the Difference in Cities, Counties and States

Decision-makers need to align IT projects with organizational goals.  See how three agencies achieved this.

Yes! I would like more information about CA's solutions for Government.

Government Jobs

Browse hundreds of public sector career opportunities in GovTech's new jobs section. Popular job searches: government IT, public safety, GIS, transportation, CIO, security, health