Jim Louderback was laying down the gauntlet and challenging me, his newly minted VOIP/Telecom topic center editor, when he wrote “Security Holes Make VOIP a Risky Business.” But he flings his glove upon some incorrect assumptions.
First, he appears to be mixing up the hobbyists early adoption of Voice-over-the-Internet with the more sober, secure, and sonorous VOIP- based telephony systems that businesses now install. The former dawned about 1995 with VocalTec software you could buy in a box at CompUSA for $50, and was used primarily by technophiles speaking voice packets home to Mom in India, over the open Internet. Voice quality was choppy and delayed.
The latter—enterprise IP telephony—takes place almost exclusively over managed data networks, using leased lines, a companys own fiber on its own campus, or frame-relay connections. VOIP conversations sent as the payload of IP packets, using IP protocol, therefore should not be confused with “Voice over the Internet,” which traverses the open, vulnerable medium: what Jim ends his column by calling “the dirty net.” Managed WANs dont touch that dirty net.
Voice Inherits Data Nets Security Mechanisms
The short answer to the security question is that when voice is sent as IP-encapsulated data, it relies on the same firewalls, intrusion detection systems, VPN technology, authentication and partition safeguards as data networks, and is as secure as that data.
Discussions of VOIP security also have to begin by recalibrating users notions about voice security on traditional phone systems. There isnt much; traditional central office (CO) lines are very easy to tap, usually through enclosures outside a building or on a telephone pole. Who besides the feds and the military encrypts their voice conversations? Nobody, yet. CEOs who want to be sure theyre not tapped get on planes and meet each other.
If it comes to that, both TDM (traditional, time-division multiplexed) and IP voice traffic can be encrypted, but few of us have sufficiently high-tech enemies or prized secrets to justify the expense. According to Chris King, managing partner at Principal Security Group (www.psgsite.com), the proper place to put that encryption is on the codec, in a chip in the IP phone itself or in the VOIP gateway — wherever voice is digitized and packetized. This would avoid the latency problem of link- or network-layer encryption and add perhaps $50 to the cost of an IP phone. Cisco — who makes the best-selling IP phone — is not doing this yet. Except for its federal government customers.
Next Page: Network administrators gone bad.
VOIP Is As Secure As You Make It – Page 2
Network Administrators Gone Bad, Not Mail Sorters
As for Willy in the mail room listening in on the CEOs conversation—well, to be a real VOIP-tapping threat, Willy needs to be something more like a network administrator. King tells me that since switches replaced hubs, its been difficult, if not impossible for anyone to eavesdrop on LAN-broadcasted traffic; its not broadcasted to the whole LAN. Since calls hit the switch and are immediately routed on specified ports to their destinations, it takes someone with access to the networking closet and rights to access the switchsomeone who has to know the port of the conversation that he wants to hear, and tap it with a span port. This is at least as difficult as sneaking into the locked telecom closet with a pair of alligator clips and a butt set.
Having said all that, theres no denying that the migration of voice onto data networks has been viewed as a growing challenge to hackers and various other malefactors; and various service providers and hardware vendors have gone to some lengths to reassure the installing public. If that public wants VOIP to surpass TDM in impregnability, it can pay for the security by adding encryption technology to phonesets and gateways. As for denial of service attacks, the PBX can also have its lines all jammed by automated dialers; with these devices and flat-rate calling plans, its not a huge leap in time or cost over email spamming.
There is a large library of literature on measures one can and should take to maximize security on converged voice/data networks; most of these coming under the category of commonly accepted network hygiene. SIP (Session Initiation Protocol) itself, if properly applied, has authentication mechanisms built-in.
Another important reason that the claim of VOIP vulnerability to the open Internet is largely a red herring: Jim has got business motivation for VOIP systems largely wrong in the first place. Its not about toll bypass, although it started off that way for hobbyists.
Telecom managers at big companies can negotiate such piddly per-minute rates from the telcos that at least domestically, theres little to be saved in circumventing the circuits of long distance carriers. The IP-PBX vendors tout such whiz-bang wonders as buddy list-driven phone calling (which I do find cool), but in fact, most VOIP systems being installed today are hooking up to the same PSTN (public switched telephone network) T1s or PRI trunks as the key systems and legacy PBXs they replace. These early installations are only using IP protocol to send and route calls across their own LANs, or perhaps to other branch offices on voice VLANs carved out of the company data network. As such, they inherit all of that WANs authentication precautions. They do not touch the Internet.
Next Page: VOIP and the PBX orphanage.
VOIP Is As Secure As You Make It – Page 3
VOIP Just Replaces Old, Orphaned PBXs
Why then, do enterprises go VOIP? Like I said, reasons that are prosaic but also forward-thinking. Take Rich Mastropietro, network engineering manager at Northstar Travel Media in Secuacus, NJ, who is cutting over from his Nortel Meridian PBX to a Cisco Call Manager IP telephony system this week. A Cisco Certified Network Administrator with no particular telephony background, he liked the Cisco option when it became clear that Nortel was no longer making replacement parts for his 15-year-old Meridian PBX.
He could have purchased a new, TDM (traditionally switched, time-division-multiplexed) Meridian from his systems integrator, NextiraOne, for about the same price as the IP-based Cisco Call Manager. But that would have prolonged his dependence on the NextiraOne telecom technician, who spends four hours on site every day just to support the PBX and do moves, adds and changes. With a web-based administration tool, he and his IT department can now do those things themselves. The systems integrator, well-versed in Mastropietros PBX setup, installed the Cisco system, but the daily on-site support contract is over.
His other big reasons were saving floor space and labor. Northstar Travel Media is consolidating all its offices to one floor. The Meridian PBX took up a roomful of racks; the Call Manager lives in three 2U boxes; one for the Unity voicemail/auto attendant system, and two redundant call processing servers. Wiring one set of LAN cables to the newly configured cubes, where PC will hook into phone port, will be half as much work as stringing both Ethernet and black voice cables.
Going forward, hell be able to tie in IP phones at the Los Angeles office over the companys frame-relay data WAN, with guaranteed bursting to 512 Kbps. But this is less about toll bypass, and more about consolidating most all long distance traffic (and associated volume discounts and fees), at one PSTN on-ramp, along with shared use of voice mail and auto attendant and four-digit extension dialing.
These are the broad strokes of a reply to Jims piece. I dont claim that all VOIP installations come without problems, but my anecdotal experience tells me more about network congestion (in under-provisioned, poorly prepared nets) than voice hijacking, spoofing, snooping or sniffing. I invite the VOIP-experienced public to share their horror stories with me: after all, Ive been brought on to report on VOIP, not to praise it.