SPECIAL REPORT: IP Telephony
Voice Requires A Robust Level Of Security
Adding voice to your data network or building a new network as part of an IP Telephony implementation creates increasing demands around performance, security and interoperability.
The fact is voice applications demand a higher level of network performance than what “best effort” data networks provide. Performance requirements for voice are simply more stringent. Most legacy networks were not designed to handle voice, which degrades voice quality (QoS) and creates new paths for security breaches that would impact the availability of voice.
A study by Infonetics Research shows that 2/3 of IP Telephony deployments required a router upgrade to support voice traffic. That's because the jitter, latency and packet retransmissions that may be just fine for data traffic are major issues for voice, causing problems like poor voice quality, eavesdropping, toll-fraud and inadequate service availability. In turn, data network performance is impacted by the additional voice traffic, affecting applications such as email, document transfer and Web performance.
If a VoIP system is compromised, it could provide a backdoor entrance to an agency LAN, which could lead to a host of problems including viruses, worms, denial of service (DoS) attacks and unauthorized access. Network infrastructure and IP telephony elements that are not standards-compliant and tested for interoperability are another source of service disruption and poor voice quality.
All of the above are what can happen. So how do you mitigate your risks?
Sprint's Joel Whitaker told 1105 Government Information Group Custom Media that your efforts start with having the right people on the job.
“You need to make sure that whoever you are dealing with understands specifically how security is impacted when you move to an IP infrastructure,” said Whitaker. He then counsels taking stock of what you have and what you need.
“Do you need encryption on your packets of voice data? Do you need to be able to control who can access your systems? Do you use things like access control lists to make sure that only people who are a part of your company actually can participate in the voice over IP space? Do you have specialized firewalls that you need to protect you from some of the new threats you get because it's now voice over IP rather than just standard data over IP?”
To illustrate his point, Whitaker described how firewalls are great and they are smart and they know a lot of things, but typically firewalls don't dig down into the packets to see what's in there.
“In the VoIP space there are some nasty things that could be done to you if you are not careful with respect to understanding what could be inside those packets,” warned Whitaker. “They require fancier firewalls – I like to call them voice firewalls for want of a better term – that are actually aware of what is in those packets. They can look down in there to see what is going on. It is very important to consider implementation of those to help protect your voice infrastructure from any nastiness out there.”
Whitaker said Sprint has devices, such as application layer gateways and session border controllers, that act as voice firewalls and can protect a customer's voice infrastructure.
Voice firewalls are just one example of the things people need to start thinking about when considering a VoIP installation. Network security and infrastructure elements must also protect the entire network from the vulnerabilities introduced by VoIP, added Whitaker.
That means that IP telephony applications and network infrastructure components must be jointly tested to ensure network security, availability and resiliency. It also means that infrastructure and IP telephony vendors must commit to making interoperability a priority as new standards are introduced.