VOIP Is As Secure As You Make It - Page 2

By Ellen Muraskin  |  Posted 2004-05-14

Network Administrators Gone Bad, Not Mail Sorters
As for Willy in the mail room listening in on the CEO's conversation—well, to be a real VOIP-tapping threat, Willy needs to be something more like a network administrator. King tells me that since switches replaced hubs, it's been difficult, if not impossible, for anyone to eavesdrop on LAN-broadcast traffic; it's not broadcast to the whole LAN. Since calls hit the switch and are immediately routed on specified ports to their destinations, it takes someone with access to the networking closet and rights to access the switch, someone who has to know the port of the conversation that he wants to hear, and tap it with a span port. This is at least as difficult as sneaking into the locked telecom closet with a pair of alligator clips and a butt set.

Having said all that, there's no denying that the migration of voice onto data networks has been viewed as a growing challenge to hackers and various other malefactors; and various service providers and hardware vendors have gone to some lengths to reassure the installing public. If that public wants VOIP to surpass TDM in impregnability, it can pay for the security by adding encryption technology to phonesets and gateways.

As for denial of service attacks, the PBX can also have its lines all jammed by automated dialers; with these devices and flat-rate calling plans, it's not a huge leap in time or cost over email spamming. There is a large library of literature on measures one can and should take to maximize security on converged voice/data networks, most of these coming under the category of commonly accepted network hygiene. SIP (Session Initiation Protocol) itself, if properly applied, has authentication mechanisms built in.
Another important reason that the claim of VOIP vulnerability to the open Internet is largely a red herring: Jim has got business motivation for VOIP systems largely wrong in the first place. It's not about toll bypass, although it started off that way for hobbyists.
Telecom managers at big companies can negotiate such piddly per-minute rates from the telcos that, at least domestically, there's little to be saved in circumventing the circuits of long distance carriers. The IP-PBX vendors tout such whiz-bang wonders as buddy list-driven phone calling (which I do find cool), but in fact, most VOIP systems being installed today are hooking up to the same PSTN (public switched telephone network) T1s or PRI trunks as the key systems and legacy PBXs they replace. These early installations are only using IP protocol to send and route calls across their own LANs, or perhaps to other branch offices on voice VLANs carved out of the company data network. As such, they inherit all of that WAN's authentication precautions. They do not touch the Internet.

Ellen Muraskin is editor of eWEEK.com's VOIP & Telephony Center. She has worked on the editorial staff at Computer Telephony, since renamed Communications Convergence, including three years as executive editor. Muraskin's work has also appeared in Popular Science magazine and other publications.
