As the Voice over Internet Protocol continues to expand in the enterprise world, information security analysts are keeping a close eye on how this technology develops. VoIP and unified communications are set to become business standards in the near future; unfortunately, security experts believe that these systems present significant vulnerabilities that must be addressed now.
It is important to understand that VoIP communications are different from legacy PBX with regard to the network connections made when calls are placed. For the most part, landline, PBX and even mobile calls are made over private networks; VoIP calls require connections to the very large public data network known as the Internet.
Security Concerns During VoIP Installations
VoIP calls are made possible by the Session Initiation Protocol, which requires an open network port and a firewall exception. For this reason, network administrators and IT security specialists were not too happy with early VoIP systems.
In theory, unified communications systems that use VoIP could be placed behind a firewall; however, doing this will put too much latency on video calls. Leaving a wide open network port for VoIP is certainly not a wise option. The best way to provide network security for VoIP is to use session border controller (SBC) technology. SBC systems are similar to firewalls in the sense that they can be installed as hardware items or as virtual instances; they can also be used to fend off denial of service attacks. Business owners who install a cloud-based VoIP system in their offices are typically protected by virtual SBC instances.
Running unified communications or VoIP systems on an open network port presents a few security risks. As long as the software and connections are encrypted, there is no danger of outsiders eavesdropping on calls; nonetheless, poorly secured VoIP networks can be targeted by cybercrime groups dedicated to toll fraud, which can result in thousands of dollars lost through illegally placed long distance calls. There is also caller ID spoofing to worry about; identity thieves have been caught hijacking VoIP systems to impersonate companies and gain personal information from clients, employees, and associates.
In recent years, hackers have been launching denial of service attacks on call centers that run VoIP systems. The attack mechanism is similar to the one employed to take down websites, but the targets are Session Initiation Protocol addresses of the network instead of URLs. To learn more about VoIP security, contact Sonic Systems and speak to our technicians.[