You are here:HomeSupportguide to conference call→Companies must evaluate VoIP service providers with their security concerns
Companies must evaluate VoIP service providers with their security concerns      
Written by yangying  
January 29, 2008 13:09

Once companies convert to a VoIP service provider, security and data integrity become more of a priority than with traditional telephony. Callers' voices are now data and that packaged data needs to be secured. And so, a security solution needs to be found that ensures flexibility from VoIP service providers that eliminate most of the risk from external attacks.

In most cases, voice data is managed through a virtual private network (VPN), which simplifies the delivery of the voice packet and provides greater security for the VoIP-using company. However, Voice over IP providers must stay ahead of their customers' security concerns, while moving the voice technology towards open architectures and less restrictive systems. Buyers of these services must also protect their VoIP system just as they would treat their data networks.

To address these growing VoIP concerns, the Voice over IP Security Alliance (VoIPSA) was formed earlier this year to provide additional collaborative user support from VoIP vendors, universities, providers and information technology leaders. The mission of this organization is to improve the public's awareness of VoIP security issues and to find the best practices for VoIP privacy and security via discussion lists, white papers, and sponsorship of VoIP research projects.

More voice traffic equals more concerns

With increased voice and data traffic (more so than with traditional telephony), the packeted voice data on the network soon becomes overloaded and delayed. Security also suffers, leaving the network vulnerable to hackers and viruses. To prevent these occurrences from crippling a company's VoIP network, VoIPSA suggests establishing regular packet inspections and testing VoIP frameworks and their components. Another suggested security precaution is ensuring that the VPN network is not accessible from the Internet and that there are adequate firewalls and frequent security patches. VoIPSA also emphasizes security research as one of the best practices to overcome VoIP system vulnerabilities.

In addition to spreading viruses, hackers want to have access to free phone calls. They also wish to manipulate and reassemble the packeted voice data. To prevent the packeted voice data from becoming vulnerable, the VoIP network needs to have strict access control lists. In addition, if the VoIP network is isolated onto a virtual LAN, the risk of external attacks can be lessened.

Finally, the VoIPSA suggests that companies tailor their security system to match their VoIP network and provider. Finding a VoIP security solution is not an easy process, but a necessary one to ensure the VoIP system's integrity and reliability.