Voice Over Internet Protocol (VoIP)

VoIP Implementation Guide

Security

Because voice is transmitted as data it is potentially more vulnerable to attack than a traditional telephone system. There are a number of ways you are at risk, including:

• exposure to malicious attacks or computer viruses;
• eavesdropping by competitors leading to loss of confidentiality and
• use by hackers of your network to make free calls.

An attack on the voice network may be unlikely, but if it were to succeed it would be crippling. The core techniques for securing voice networks are straightforward, things like firewalls, encryption and password protection, but they need to be embedded from the start in your strategy and planning.

In short, you need to make your VoIP system at least as secure as the rest of your network. Suppliers such as Avaya and Juniper Networks offer security features such as voice encryption for VoIP.

Here are some steps that can help protect your VoIP network.

• Place your IP-PBX servers behind firewalls so they cannot be accessed from the internet. Use intrusion-detection systems and install software patches promptly.
• Only give administration rights to certain, trusted members of staff. And set up access lists to limit usage to authorised users.
• Encrypt voice data while it is being digitised, ie in the phone or at the gateway.
• Require all phone points, especially LAN telephones, to have password-protected log-in procedures.
• Set up a virtual LAN so that data and voice transmissions use different parts of the network.