Security Hang-ups - Information Security Magazine - Page 1

EXPOSE
Will VoIP's shortcomings give businesses a wake-up call?

Internet Telephony
H.323: The standard for sending voice and video using IP on the public Internet and within an intranet. The standard, approved by the International Telecommunication Union (ITU) in 1996, describes how multimedia communications occur between terminals, network equipment and services.

IP Telephony (IPT): A general term for the technologies that use the Internet Protocol's packet-switched connections to exchange voice, fax and other forms of information that have traditionally been carried over the public-switched telephone network.

Media Gateway Control Protocol (MGCP): A protocol that defines a means of communication between a media gateway, which converts data from the format required for a circuit-switched network to that required for a packet-switched network, and the media gateway controller.

Session Initiation Protocol (SIP): A standard protocol for initiating an interactive user session that involves multimedia elements. It enables common telephony features like time-of-day routing and call forwarding.

Voice over Internet Protocol (VoIP): A set of facilities for managing the delivery of voice information using the Internet Protocol. Now used somewhat generally, it derives from the VoIP Forum, an effort by some vendors to promote the use of H.323.

Source: WhatIs.com

Don't be surprised when your boss says you're about to enter the phone business.

Voice over Internet Protocol (VoIP), a specific iteration of generic Internet Protocol telephony (IPT) voice technology, is coming on strong as carriers roll out connection plans, and companies of all sizes deploy software and equipment to add services and save money.

So what's keeping security managers up at night as executives insist on wringing more productivity out of the network? Security, of course. Vendors have yet to create a complete solution that includes strong user/device authentication, end-to-end encryption and bulletproof management systems. But, hang on the line and we'll show you how to identify the security obstacles of VoIP.

Security Disconnects
At its most basic level, IPT is the technology by which phone calls are converted into packets and delivered over the same pathways that carry data across local networks, leased lines and the public Internet.

Sounds simple enough, but amid widespread agreement on how to keep your data networks secure and healthy, the simplicity--and security--disappears as your business adds voice devices to its network.

VoIP's early adopters have encountered various high-priority security concerns that best practices and standards must address. Groups such as VoIP Security Alliance are identifying potential pitfalls in heterogeneous networks, with an eye toward creating a list of common issues. But, in the end, it will be up to vendors to recognize that, for VoIP to become ubiquitous, standards must be agreed upon and adopted.

Regardless of their technology choices, businesses' problems cut across product lines and go to the heart of VoIP's implementation challenges:

IPT networks have many holes.
Everyone understands how to set up a safe data network, but there's less agreement when faced with new, IPT-related obstacles. For example, many session initiation protocol (SIP)-enabled firewalls, which ground IPT-based communication, allow the dynamic opening and closing of ports required for telephony. Not only is port 5060 active for signaling (the process of setting up and tearing down a call), but ports 1124 through 1760 will open and close automatically as calls are set up and audio begins to pass through the firewall. During calls, those ports are wide-open highways into the network.
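The exposure described above shrinks when a firewall opens only the address and port a call actually negotiated, and closes them at teardown. A minimal model of that behavior follows as an added illustration, not code from the article or from any firewall product; the `PinholeTable` class, the helper names and the SIP/SDP messages are constructed assumptions, and the port range is the one the article quotes.

```python
import re

MEDIA_RANGE = range(1124, 1761)   # dynamic media ports quoted in the article
# Signaling on port 5060 is assumed to be handled by a separate static rule.

def sip(start, call_id, body=""):
    """Build a minimal, constructed SIP message (not captured traffic)."""
    return f"{start}\r\nCall-ID: {call_id}\r\n\r\n{body}"

def sdp(ip, port):
    """Constructed SDP body advertising where the sender wants to receive audio."""
    return f"v=0\r\nc=IN IP4 {ip}\r\nm=audio {port} RTP/AVP 0\r\n"

class PinholeTable:
    """Hypothetical model of per-call media pinholes on a SIP-aware firewall."""
    def __init__(self):
        self.calls = {}  # Call-ID -> set of (ip, port) opened for that call

    def on_signaling(self, msg):
        head, _, body = msg.partition("\r\n\r\n")
        m = re.search(r"^Call-ID:\s*(\S+)", head, re.M | re.I)
        if not m:
            return
        call_id = m.group(1)
        if head.startswith(("BYE ", "CANCEL ")):
            self.calls.pop(call_id, None)      # call torn down: close its ports
            return
        addr = re.search(r"^c=IN IP4 (\S+)", body, re.M)
        for media in re.finditer(r"^m=audio (\d+) ", body, re.M):
            port = int(media.group(1))
            if addr and port in MEDIA_RANGE:   # refuse ports outside the range
                self.calls.setdefault(call_id, set()).add((addr.group(1), port))

    def allows(self, ip, port):
        return any((ip, port) in holes for holes in self.calls.values())

def demo():
    fw = PinholeTable()
    fw.on_signaling(sip("INVITE sip:bob@example.test SIP/2.0", "c1", sdp("10.0.0.5", 1200)))
    fw.on_signaling(sip("INVITE sip:eve@example.test SIP/2.0", "c2", sdp("10.0.0.5", 22)))
    during = (fw.allows("10.0.0.5", 1200), fw.allows("10.0.0.5", 1201), fw.allows("10.0.0.5", 22))
    fw.on_signaling(sip("BYE sip:bob@example.test SIP/2.0", "c1"))
    # len(MEDIA_RANGE) is what a static "allow the whole range" rule would expose.
    return during, fw.allows("10.0.0.5", 1200), len(MEDIA_RANGE)

if __name__ == "__main__":
    print(demo())
```

During the call only the negotiated address and port pass; the neighbouring port, a port outside the media range and, after the BYE, the original port are all refused.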

This was first published in September 2005