VOIP & Telephony - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  VOIP & Telephony


Keep Voice Off the Internet



 By: Wayne Rash
2005-02-09
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this VOIP & Telephony story.


Rate This Article:
Poor Best
Opinion: The new VOIP Security Alliance worries about threats from the Internet, but should you even be there?

When the VOIP Security Alliance announced its existence on Monday, the group said that it was focusing on the kinds of threats we already see on the Internet. Things such as spam aimed at VOIP systems, denial-of-service attacks, perhaps exploits aimed at telephony equipment or at routers that move calls from place to place. Its a nice idea in one way. It is ahead of the threat.

Click here to read more about VOIPSA.

But it begs some larger questions. Two of these are first, how is the packetized traffic used by VOIP somehow different from other traffic? And second, what on earth is your mission-critical voice traffic doing on the Internet anyway?

While VOIPSA makes some good points about the need to protect voice traffic, in reality such protection depends on exactly the same good network design as that for data traffic. Yes, you must make sure that your firewalls and routers are designed to handle voice traffic and the signaling that goes with it, but the problem is not fundamentally different. And yes, voice traffic is much more sensitive to jitter and latency than are other types of data traffic, but once again, these issues are related to good network design and proper configuration. They arent security issues that are somehow unique to VOIP.

Yes, you will have to have your network properly designed if you plan to add VOIP to your data network. You will need to implement QOS (quality of service) protocols on the switches, routers or other infrastructure through which your voice traffic must pass. And you must make sure that you implement firewalls that dont introduce too much latency and that are also able to pass the H.323 or SIP (Session Initiation Protocol) signaling information that your VOIP system will need. And yes, you must use a firewall. But again, this is all part of proper design that youd use for any sensitive traffic, not just VOIP.

The statements given by the VOIPSA members when they announced the organization make references to the problems that might be caused by Internet-based attacks against a corporate network that carries both data and voice traffic. And that brings up the second issue. Why in the world would you be exposing yourself to that risk in the first place?

The open Internet is a wonderful thing. Its absolutely vital as a business tool, and its critical for commerce as we know it. But that doesnt mean this is the place you should put your mission-critical voice traffic. Its not designed for that. Leaving aside the security issues, you have no control over the quality of the connection youre going to be depending on. You have no way to enforce quality requirements. You cant do anything about congestion, packet loss or delays, and you cant do anything about latency.

Resource Library:
Skype releases VOIP software for the Mac and Linux. Click here to read more.

Yes, plenty of voice traffic goes over the Internet every day, and a lot of it does very well. But that doesnt mean you can depend on it, because you cant. Likewise, you cant depend on the Internet to meet your security needs. And you shouldnt. If you need a long-haul backbone to connect major offices, you also need a dedicated network with guaranteed bandwidth and the service-level agreements to make sure it stays that way. And while you should routinely encrypt such traffic anyway, you arent likely to be running across the hackers, worms, viruses and other evidence of barbarism that you find on the Internet.

And in those cases where you have no choice but to use the Internet, you use the same security practices you would use for other sensitive data, including a good solid firewall at each end and a well-designed VPN (virtual private network) tunnel in between. And yes, there will still be risks to people who use Vonage and other private VOIP services, but those shouldnt be part of your corporate solution in any case.

None of this is to suggest that VOIPSA is a bad idea. Its not. As was said in a recent interview, it gets the problem on everyones radar, at least. And thats important. VOIP security isnt really any different from the security on your data network, but its also no less important. If the organization accomplishes that, it will have accomplished a lot.

Check out eWEEK.coms for the latest news, views and analysis on voice over IP and telephony.



  Reader Comments: Keep Voice Off the Internet
>>> Be the FIRST to comment on this article!
 

 
 
>>> More VOIP & Telephony Articles          >>> More By Wayne Rash
 


xr({\w@"{/iJe[+eiƙ}JEĘ"Hʶ&_^by 7]hɗdxjl@oh4^ȅ=&> :74ϸ7?O@BFNtk ]UHwWjc ;0\> \>g=Qȿ^  tjw0]21$h(tL|OkEs _ľ^alM Lh:qF٨XCMI mbCG${@BKkVQWB-")u(!ZZzo JQza"Q}?_L-~k~>EF,KAV衂Ġ`W:+ ==}\to{{CNڟ:ggc:4t Wh: -N\kU[׏`C['^ćǩE & ư54}GIM&usLr(EB~9_^Cj&J UL_,8X߈KƗG!HY=GM 9ɔaPv tݰsvfX۴70S#P .1P3Z$`9"3Q=Pr &SH :6Eg)exH}/`I˪2T3$mQi:]$ySDD='g+/82.i"}(hyWҽws Yt;esJVd];׽E֏FZpx=n[7һ^ڠXXѡaZ`Ap)K.qƸ@]T77j 6ORZ/JT-|h a`qaѥB]7F >~Ӂf4aN Guٴ1Tm;4d}t>჊(>hƋm<<7UI70i3 ݺzNnXE*tÇ95|SD% h-DCwu0Iձeg&S@yo9ǻeromM~(wEn0T}a vh g]*~3`5w= | X.Gs 6Gz:4-0(gAGװaHE˕F }»@Fa$"D%  h4AGEEN@@7w$],KI+\z"\ cvn ˥=*%4fqR%a Sʴ$&vZLbmD6],rS mo -Muc{TrP&G#S3a 3z {[5̴t҂%(𝀜`SԐ(Ę=sYuh=@zuo9:\VM˵~& &/| `0'X6O Դa81 ՠmZ&F,G7q9꺖ir*W ,q;rd**<\yO詉m>);ewP$X.MME;a7˄L4 +״UPL Χ<*]hs< ):[ȭO,r12@e_rH1g0Daęh{1#%Ag =e河xtYKnuo?յ݋wz9(i]hk%\7Bɶ/^¢xmP2֡4P֦(h+ezdx($me2L686p@#>3l{`(`( KBʊTcګi3wtd xAqFF f ] ҆lx ku;v\cOzꃵOn'j@uclr g{飄YXp܉881` E@֨P䚜LsE1z q tX?h@.EjбSTabia;m/ UK_Q6Oomj+CoTrJCm0 G5_3Ou']1/=PZ`!?T$ qϱ#Y/9-0cYC6bdT#(-E\&= G.5uH85 \qq~a~"Q,q.|?|12qÜa&?@&R)C1SghiGǙ-C&jA$U4 ẅ́o6ǾJ9o+<EHE~a"= il% u"d(Q|&j*VH07plI tl2FuIMY-! 0&TX2H=Cy>n3uQN*.s73g TgHZ+kP*\KrZEf1/XO)="1㻆c8о8A p/L7Z5AK>unAWV}G>N&,h'^ː]M;HhG ã2T.'1P^P}P]JW(H3A7=C fAO(ۉ6{1 vȿ1k3w kq 5 EQ9gw-)Ӱ%FJP &)l_`wg*Q :AW{0 X0ffsbwy0-| ?Ԋkάt Cf75"SAۢ_@7dzP+54XE‡1"E z p[kh0('v*.Q^l$R*ѦC.71^*==@7_ -Me;4 /-`Iٛ'oz2-rfz釛L+ 0j(Yk|[` rfVɭ:N6霎0t Mg\Vrb_,0ƹ! =)3Pn2R󓩻vPFGpA G}jw3W<~Ďlm,LnQya%]Ŝ@0͜)6@yz (nG8fWj%~f^𥰽V5sp=mzJeR)Y)$ {F2U1p\SEum6Z,KA^F;*&K?@Zh㪏 ].qLsP$XRNb*,E$b (NZ HXٔJ_ kT+u-,C>cO zQ|Z#7:j|>rsO$Nn[URXRB/ \uO 9 ^u TKfb;߯Z57 X~s΀2|rP͖O%4eS/ -9@_y}5Q(4MurKz]wѺZ8c̚ÒfDK,*.I,G* -e4#Eڝ(+Y]X+ rExn:0ɘُiD[ {q2LLi; @+r#P4uƈkS@Jڣ\'gɒX' C*Z<]QOSAz& 2vB亞q]6 ws[^?qp/-492=QhZavW++e4A48'>;﫶ٿ:NPy9;GyZ}cq>*tNڿr糛ǫs:k4.[-tJ*LR({NC?JfWKILaц.ڧ0CfɁu%sٺ9\/~w/7(^\tB1~dFHNк]$'d0 s|n݄'7|L`jX&IFyD#V5C4W{PMR ^gh9[R> r&xf"64@OlOq/ +xaESrkW~vh?yXT5mbtUOZ i]}&GmЯ>( I-н6 .5ՅO>O4dX 'FVe5bOf0{?BI턟isCTΑ$ؘ$Ⴄ JAVP*,2(vȔN Hƣ|oڗ`@7COҁy&-3(l#{Zڝ:=Dɥn~i:T xBo~R=ܰwߵ}*=oӧ<--RcCqEkEwWU T⒏7"E;#ڬ/Ι x < v4.߮^ "B;BJ ½,M#G?[Fn3db܆~@F FZXW+2?7c#ޚU>=d$T~vO4.M}Jf` 4e(C/W ̮@WC B Y(;se<% .pIW"X8)dB!/$EDfbl)RLbh> b]dWA`/y~. W#C@@oڟ:[z.&™#dXd|R)G80Oj*u/ZZ<˵ e2y@3b)T+ l~@$l!_׆=(MZ̲-28\82` 5he7T8T"TE%qGG$aIHBA~ =&[ 6k]%C/g~TZC$Bb LG9dpxaAG(,{ rE7tL>pGI2H.D4@X-hЩ rB-|0"ňj[ 8m'EiiyY0p2VFt Pj΀Ar0+&/RU똜w=}yoF[%B+RV_O1c^m1>X<Cz:tRbDzW2$B(PX"@E챇d *mI+REPhp:8Hi/y֊/y]A8m Fqs ' n O΅0$=.(F=$xC"`\0Is?Κ%tvɴ }l(}MD%p4_jm^]>ɐxz,z3jfl ܡ˻+L)#Gbx,.+hƞ_ݐ^)cB}M1>FSĹкœe'it' >a)>Iz0@櫁ڐNKogA/ICtln豇Rp>N=aB6 `ڠ2:IB':aI:aпb}s4.1|%@kOWkFs* St{MtGHbr I$1 U> Y 4Vy=vW r \94. L ,Wn_vtoM$1$ i=Iykl[!M ~^´1E!ͭ/:Ű61|)∈7G.8^ ws\O͓͓͓͓{reԾ6On #n^Ǫ,C#yBxOCapdaX g00f0hxPtr1c zU釀JYf}`ln皚}061u'91"&d>AA]z%ަfW{ӷ +>hz{f:hHB́6XLydt!tz;(u혚kޡ Tl>aWu,.Yzs~3O:yj̠>12liMA*=Ur܇[=MԬE5L;&YJE*`\Ɗ8[YR@b膙n ,ô>ϙz @/y~?yL4hνc5O~{_ʫK٨_{< uu`"Z ̅E=I^ٛIU %6Y~gj a#blpc"30U5ϡ;~?݃zo]A'@<[z`_WjoZWqi1-s9kƦΐY?qñŃky T}7zaS@aՉ(^yLfSxj fi" :&Mʽ6NO~ Ndw;]:{sS턷R- McȔ'ζy 2~H!<5Vօ={=-p I/Of2  *vך t]5;Uhyl?t D_'!+jb`!N#|HoIAwq44zD?S9ex|DWcu8}bD2XzXrBim2} L]O!-H!-DHona zuZ& @$y9AQmEMe&^ 0ka)"lRK!'q/丱+zE&tCsX~CNE y36:ZKCkm.95"E/G tMs85VJj~zr_ZRӂ,w9]Fdo01U]έ1ȃ*B UNf<5T.7*R!ѤF'ZjARdsL75E͈'^v˚ lzYCⵧJ[76.W@O[jjwghDP"MNDZ`h*Wz m.- ;,Ot.Xq;E>B4lSKaZ`G$~TRU D#<$&E"%M#jj~JQ*˕Jw(/>eӗ7}qrMJ$YZ JִaԃT#7 ї昧XI`z§E2qrF@Yj$G؍6H' q}n\mozȐ;3&>{~`#o'uNG a&Pxd奠+]zq٥MOC^!&S:>s8Sx-r)G@nÝh|sՓ"1";W04P0J#(S[]Ă0>]4?Qn=h MꚄOR λ",=r0gwy |͊W2q΅&JZ `xFNPrdDhz߇{#05u*a3\'}7cgrڽ!-rznǣM^E7a[+N|Uw'ןO;WU?<5=|j-ۼPW6/ vg(P^.N8S21\*b4,xj E^>M`T՞? N L*ae5DC*9[cc urrllŵ6N5LۢW%ǎ!uehM-GƐUjz63aX_?E/}ҽj皡IJ./23_3of}q (QޅnF9Rz} झQ~ O?9e#\_~5;;'f$g:WNF?2?C">he\/3 /~/3{ %2c@y yAȣW2ϡ<_PK((ʘ+ ʘ..ȟn|fȗk 3޿ɠ11>_?@/?}}̠OP))c|2w Y@{ f wAI]'z[|ֺƅ)QFy9<ʠrEU৬rXB]f@yVD=^bMxE,D<mctslEB`T7'%YØܻ Gz‰n} '?hĻ/Lٞ܃~en^κLޓ-A+0.: 7W46&7S&.pqk;ُϋGkwՕq@Afb 9dyԿ&OxV&?q> xPxZLԸLG0oQV" #@o>T)kzY~8-hЍMG^LUbp:kӇl(O:28 ߜ:Ha4;:w_a% /`xi<_Bcع@ Yj<} =nΘ^;Pf; 9w6*%E)U-Wj%WnG'A$e>AD ]FdE%QIPJE:(QPफ़h[vRboR`' YZ8an%[{$~@x17x^z_mBRPkzTyF ڎy@&7J,4wW;SِD@.^3_mov1*m_`-YkMD ҂Yhk䣿 t8ES)049Kh ` z}y<8VA)aL-OoTu9z\n2%83.U{:o`Tx(T r"^L|vu߱dk4 ߠWb5m"{9|6RFՏDG[jM,fhbErd9~U C[3du#fӍp$1ʹ&~%6$xw.|zG3@-܆ Ƕp1g[=ǙېZ^ݕ]ݎ:S ϟV3l}k)K„KCC]Eq }{y>X8]vU$$ }= zJZoTs(F>р-<5S>ao5RFX&T-_Gk~r:פǯ܊WGc7l^U(z1̸:ΐR(xK% !+ Ehn a W3v,=C[_5 \F3q2 Y8R"?ްylo%0)$qfKlClPխVoUim@M.^ \nXD=DoQQ9jkA/?tIS۱x&%Ս}YQ z|.yzckNߌ*iů'?B^!t#B.܋OFېo)0XPywFo/yp@ >sojAd>X6}ٲs>V.0mefZ7-[@5E`0l`e ,, zAn0$ /1-ixEecC`:=_vs[>'_`UY /(:OOg3Z %-_Hʶ›* }XVc 04*059'ㆣ Vmx ut+y!.0w: ˟zTqٶ75Pںi#¶U4-_ +lˢM 9+߶qݼ¶,yXF4XS'5gâ@XVO=e_1xN|,XW}qx}r2^9FB~eOX\FyYU~ҥN.I,'_ڡQd+8*)ؐs k` bO1,sLf7}ÛN*)Asa#yl [Ap^׎ejs?"Y4/ǎ;)ȏ|3 .^sulE^F#|fA0jPLP9- a0*)>ڧ-hs&ǂ)y0ǕM3DM1F(ͦ41f3]L*@<փ LW{@ۅGQ:;l4ݐТV"Ď'֊GnrmmckJ>dSC'@j0\|1 d9[HօT*ƵxBG4| bYx ^Tf}/)Z/π.ȟU --@V$/@ʞ 4vqO6O}C;ٍ'u?i1eOhL2 ĮkEml C5 ɂk}7WP7VtRGsFnRDsQ̱˺asai_)F9OMTȨߣ+];1#;4z7ʰY"Й;%IS`\oB~+Ԥȴ@N]^Ԩ8`~6itR*ٌ>Åyx7\ ҚxME%z5}8H B`у&R_nexmPћgӡ {Qrlf_zBӄAbŞDz(/&?H֗!֏%iOhYlYX`CMA 6.֍`77:q<ࣵOqw[X?8R 3wG{x(2LLsQ9_@[m<ʸ<\dѼ1nܫcoX(#z#-hܘ6Mm(qI_\=1 uCCd6`m XԝhO1:W鞣:Ċaع0 #яՙ};m=bcz+ ݡ]PR prwJE}hHw`;}eBD<+*5N 6ǾH_[PId'\8H _}& ab- +6eR=!bf:sЫ:*-EEGXS˧(BMXLC尜qѣL evxƑR>=a>Ί+Ta$_t0")_RRXV*/ TS0e 5KcDZC3qမeW:ȭe;MfGKXRMn_Yrp+-FZw3[ K}5d>8^e!էЕb)Ô^^ad hT/8o۝E0epW~