With the advent of VoIP technology, the question of VoIP security comes to mind for many who are afraid that their conversations are being listened to by people they don’t even know. Although this is certainly a possibility, so far there haven’t been any widespread reports of this occurring. It might surprise you to know that your phone conversations on your landline and your cell phone can also be tapped into, just in a different way.
Since VoIP conversations are converted to digital data and then transmitted in the form of data packets, just like traditional data packets they can be intercepted and listened to. This might be a bit disconcerting to hear, but in many cases the security breach comes from the user themselves. If making calls using a computer, there could be malware present that is sending these packets to a server over the internet. Once there, the hackers then listen to the conversation.
Why would someone thousands of miles away want to you hear your conversation? Well, people that write intrusive software or malware are generally only trying to gain one thing, your private information. Although we benefit from new technologies such as VoIP, unfortunately so do would be thieves. It’s not out of the realm of possibilities for malware to be written to “listen in” to your conversations and retrieve the data based on recognized key terms such as “pin number”. If you called your bank and spoke with a bank employee, your private information could get into the wrong hands.
This sounds like a frightening prospect, but there are ways to combat the theft of your voice conversations. Encryption is key to prevent anyone from having unauthorized access. This way the conversation is encrypted when it’s converted to digital data which renders it useless to anyone who might try to gain your information. They can still get the data, but since it’s encrypted they would have no way to listen to it. For older style phone systems that use digital phones, for someone to listen to your conversation they would have physically be at the location to “tap into” the line. VoIP conversations can be intercepted from anywhere in the world which is why encryption becomes so important.
It goes without saying that the data network itself should have the protection of firewalls. Firewalls are the gatekeepers of a network and will allow or deny traffic depending on the configuration. The firewall serves to act as the main entry point for data. By relying on a firewall, the need for each individual device to have its own security is negated and administering security on the network becomes more simplified. Unfortunately, the firewall becomes yet another point through which data packets must pass. Since all of the packets enter and leave the network through the firewall, congestion can become heavy and a bottleneck created. Some networks are configured to have two firewalls one for standard data and one for VoIP data. This way the firewall specific to voice traffic can be configured with the appropriate security settings that would apply only to VoIP packets. It is also recommended that a firewall maintain the QoS or routing priority information on the packet header. VoIP traffic must have priority throughout the network to maintain higher voice quality during phone calls.
There are several places within the network where it is appropriate to implement firewall protection for added VoIP security. The first is in front of the IP phone system itself. This protects the phone system from any attacks that might originate from with the local area network and provides additional protection. VoIP traffic from remote workers should also be closely monitored to ensure that viruses, worms or other digital nuisances don’t travel to the IP PBX via the VPN connection. Lastly, monitoring should occur on the carrier side to monitor for attacks from the carrier network itself. This is true even if the trunk is not connected to the internet.
There are several ways to configure multiple firewalls so that one is specific to VoIP traffic while the other handles other data. They can be set up in line with the data firewall being the first line of protection and the VoIP firewall immediately behind it or the data firewall can handle data traffic on its own while still processing VoIP traffic after it has been filtered by the VoIP firewall. The last configuration is one of both the data and VoIP firewalls sitting behind a router where the data firewall and the VoIP firewall filter data exclusive to their individual purpose. Regardless of the configuration, having a separate VoIP firewall is another layer of security protecting both your voice conversations an IP phone system.
VoIP is innovative technology whose time has come. With the proper configuration and security settings, VoIP telephony can be just as secure as telephony using circuit switched routing. VoIP security is easily achieved with planning and appropriate security measures.