VoIP Security Factors
Security - the new challenge
As the use of VoIP becomes more and more prevalent, network administrators are beginning to take security more seriously. Previously, due to the low adoption of VoIP technologies in general, attacks specially targeting Internet based calls were something of a rarity. It's a dubious tribute to the growing popularity of VoIP that such attacks are now far more frequent and are becoming increasingly innovative by the day.
In this article, we won't talk about internal threats such as a disgruntled employee providing access to a compromised system. Stringent administrative procedures will take care of the vast majority of such cases - such as disabling an employees VoIP account when they no longer work with the firm. Instead, we discuss external threats, where the point of attack can occur, and what we can do about it. In addition, we also look at the distinction between an attacker and an entity such as the government which can listen in legally to people's conversations.
VoIP and Security
Compared to the traditional telephone system, attacking a VoIP set up is both easier and more difficult. It depends on the type of attack as well as the sort of system being targeted. For purposes of this article, we look at attacks which aim to listen in on telephone conversations rather than DDoS or gaining unauthorized access to make fraudulent voice calls. When it comes to listening in, it's much easier for an attacker vis a vis a PSTN system.
For one, digital packets can be perfectly replicated unlike analog signals through which attackers give themselves away since various "clicks" and other disturbances may be heard by the user. Additionally, these packets can be eavesdropped on at any one of the many transit points - such as routers. Law enforcement agencies will find it very easy to listen in on VoIP communications since all your Internet traffic is routed through the ISP anyway even with small business hosted VoIP solutions.
This sort of listening in can be thwarted using heavy encryption. However, recent advances indicate that it might be possible to guess certain phrases even through encrypted traffic. Nonetheless, encryption remains a very powerful tool for obfuscating VoIP traffic and many governments have tried to prevent it from taking place at all.
A Virtual Private Network (VPN) is a great security measure provided you trust the server at the other end. Such security is almost impossible to break through and pretty much removes the possibility of a man in the middle attack being successful. Contact your provider of SIP Hosted PBX services to find out what security measures they have in place to secure your communications.