Is VoIP Secure?

Is VoIP Secure?

The VoIP service provider looks at security as follows. They want to make sure that their network is secure, their revenue is protected along with their customers. When you sign up for VoIP do not get the false sense of security that everything VoIP is good. Also understand that you will not be able to place a call from everywhere. Even today VoIP still has some reliability and security issues however with that said these issues are being addressed due in part to the increasing demand for this technology.

As we know the broader issue of security is a hot topic these days both on and off the Internet, as a consequence security is being addressed by the industry, global standards bodies and governments, therefore we can expect some serious scrutiny in the issue of secure VoIP. VoIP is equally vulnerable to security risks as traditional IP data networks or any other data that is being sent over the internet.

Just as hackers use software to infiltrate security holes with data transfer, they cam also use this same software to get at your voice data. While this may not be a big issue if you are talking with you child from camp, the contrast can be said when discussing sensitive information while doing business.

So make sure that if you are considering a VoIP provider that they provide security and redundancy so you do not have to worry about the physical requirements and support of your phone system. Secondly you want them to address these issues of security. Ask them if they have separate lines for voice traffic. Ask them what measures they take to secure their networks. You can also ask them if they can Combine a VPN (Virtual Private Network) to your VoIP? This can prevent unauthorized access to your phone system

Moving forward into the future VoIP security will continue to be a major concern, just because it's well known that information that passes over the Internet can potentially fall into the wrong hands. As much as it's becoming a concern just as equally are additional resources have been dedicated to these security loop holes. Remember ask lots of questions and get the best service you can for your needs.

Source by Paul Hegarty

SECURITY OF VoIP versus Traditional Telephony – What are the threats and how to overcome them

SECURITY OF VoIP versus Traditional Telephony – What are the threats and how to overcome them

VOIP Security

PSTN or POTS which stands for Public Switch Telephone Network is the standard telephone connection to the majority of us today, and has been the sole providing system since the telephone made its way to the users.

These systems have dedicated lines (circuit switched) and are governed by technical standards created by the International Telecommunications Union (ITU-T).

This is a protocol which is optimized for the transmission of voice through the internet. It is referred to as IP telephony, Internet telephony, cvoice over broadband, broadband telephony and broadband phone.

There is a suite of IP-based communications service and provides multimedia communications over the IP networks (which internet is a part of, but not limited to such).

VOIP operates over any IP network and not just the internet and it provides a low-cost alternative to PSTN calling system.

PSTN versus VoIP
Publich Switched Telephone Network (PSTN) uses a SS7 signaling protocol (Signaling System # 7) and is a circuit-switched network (ATM/Frame relay). It is a pretty expensive infrastructure based system but provides reliable quality of transmission.

Voice Over IP (VoIP) uses SIP, H.232, RTP and more protocols for its transmission of data. It is a packet switched network system which is based on a converged infrastructure, and has up till now at least a unreliable quality of transmission, and highly dependent upon where you and receiver are located globally, regionally and locally.

Traditional features we are used to over the telephone systems are call waiting, caller ID, transfer of calls, Three-way calling, conference call capabilities. IN addition to these features VoIP will be able to provide business application integration with for instance tying IP telephony to a Customer Relation Market database (CRM).

It will also be possible to do calendar integration with desktop applications like MS Outlook for instance.

You can get detailed information about each caller and use of mobility – “follow-me-service” which makes it possible for users to work from anywhere.

VoIP benefits are the traditional argument about costs of course, but the scalability of system is a far better argument when it comes to business use of VoIP.

It provides a simplified network engineering concept and makes it possible to do applications integration.

Today there are several alternatives like Skype, Vonage, Google Talk and MS Messenger to mention a few and it is bound to be more available in the years to come, but also the functionalities of existing applications will increase dramatically according to user market.

Today less than 2% of user market used VoIP in 2005, it increased to aroud 10% in 2009, and is expected to increase to around 18 percent in 2011.

This increase in market share of VoIP over traditional telephone systems will require systems to handle this amount of users which is expected to be around 300 million users in 2011.

When we look at the penetration of VoIP in various markets around the world, some interesting facts comes to the surface.

The market share of VoIP in Japan is estimated to around 62.5% today, as for North America it is estimated to around 16 percent, in France the market share is around 11% and in Italy 4.5 percent. Germany has a market penetration for VoIP of around 2 percent and the Netherlands follows with 1 percent, as for Sweden and Norway they have a market penetration of VoIP of around 0.5% each.

The U.S VoIP subscribers are spread over 7 major service providers like Comcast , Time Warner, Vonage, Cablevision, Charter, Bright House and 8×8 which is supposedly the largest with around 3.2 million subscribers in the U.S, closely followed by Time Warner and Vonage each with around 2.4 million subscribers.

In Europe there has been a dramatic increase in households utilizing VoIP as telephone system. We can see the largest penetration in the household market in France with around 48% followed by Netherlands with around 35%. Norway comes in on third place with around 22% as for the other countries lies around 10% each in average.

IBIS World 2012 estimates that the U.S will have approximately 25.4 million VoIP subscribers in 2012.

VoIP equipment revenue development from 2007 to 2011 is prognosed to go from 3.5 billion USD to around 8 billion USD by the end of 2011.

There have been raised concerns about VoIP systems amongst users, and especially business clients have been concerned.

Integrity of systems is one concern as voice quality should be excellent and the availability should be 365/24/7 dial-tone.

The confidentiality is another concern raised by business users, as all communication should remain confidential.

Authenticity is a factor ranked high as valid subscribers should be able to access the service provider’s network. And last but not least the regulatory compliance issue is a must. This also makes the need for corporate best practice documentation and routines.

There are security threats to an IP network which VoIP uses. These threats are of a widespread type. It could be denial of service attacks, called DDOS attacks, Spoofing (caller ID), voice alteration (hijacking) and toll fraud (theft of service). All these types of threats can result in the loss of privacy and integrity of users on VoIP.

You also have the chance of SPIT (Spam over Internet Telephony or VoIP). You will also have the chance of being exposed to advertising that appears in a VoIP voice mailbox.  Then there is the chance of Vishing which is the process of persuading users to reveal personal information.

So, certain security measures need to take place before serious business use of VoIP systems can take place.

Use of Encryption and VPN systems will become a necessity as well as the use of Digital Certificates. There needs to be a separate VoIP network from the data network in a company or in a household. Computer systems need to have installation of Intrusion Prevention Systems and Firewalls. Use of Session Border Controllers (threshold policy rules) will have to take place. There is a need to implement a campaign to make awareness on using high-risk programs that expose the company or household to outside attacks.

To day, not a single virus is reported that is specific to attack or infect the VoIP packets. However, this will come without a shadow of a doubt.

Source by Stig Kristoffersen

VoIP Security – How Secure Is It?

VoIP Security – How Secure Is It?

With the advent of VoIP technology, the question of VoIP security comes to mind for many who are afraid that their conversations are being listened to by people they do not even know. Although this is certainly a possibility, so far there have not been any widespread reports of this occurring. It might surprise you to know that your phone conversations on your landline and your cell phone can also be tapped into, just in a different way.

Since VoIP conversations are converted to digital data and then transmitted in the form of data packets, just like traditional data packets that can be intercepted and listened to. This may be a bit disconcerting to hear, but in many cases the security breaches the user from themselves. If making calls using a computer, there could be malware present that is sending these packets to a server over the internet. Once there, the hackers then listen to the conversation.

Why would someone thousands of miles away want to you hear your conversation? Well, people that write intrusive software or malware are generally only trying to gain one thing, your private information. Although we benefit from new technologies such as VoIP, unfortunately so do would be thieves. It's not out of the reality of possibilities for malware to be written to "listen in" to your conversations and retrieve the data based on recognized key terms such as "pin number". If you called your bank and spoke with a bank employee, your private information could get into the wrong hands.

This sounds like a frightening prospect, but there are ways to combat the theft of your voice conversations. Encryption is key to prevent anyone from having unauthorized access. This way the conversation is encrypted when it's converted to digital data which renders it useless to anyone who might try to gain your information. They can still get the data, but since it's encrypted they would have no way to listen to it. For older style phone systems that use digital phones, for someone to listen to your conversation they would have physically be at the location to "tap into" the line. VoIP conversations can be intercepted from anywhere in the world which is why encryption becomes so important.

It goes without saying that the data network itself should have the protection of firewalls. Firewalls are the gatekeepers of a network and will allow or deny traffic depending on the configuration. The firewall serves to act as the main entry point for data. By relying on a firewall, the need for each individual device to have its own security is delegated and administrating security on the network becomes more simplified. Unfortunately, the firewall becomes yet another point through which data packets must pass. Since all of the packets enter and leave the network through the firewall, congestion can become heavy and a bottleneck created. Some networks are configured to have two firewalls one for standard data and one for VoIP data. This way the firewall specific to voice traffic can be configured with the appropriate security settings that would apply only to VoIP packets. It is also recommended that a firewall maintain the QoS or routing priority information on the packet header. VoIP traffic must have priority through the network to maintain higher voice quality during phone calls.

There are several places within the network where it is appropriate to implement firewall protection for added VoIP security. The first is in front of the IP phone system itself. This protects the phone system from any attacks that may originate from with the local area network and provides additional protection. VoIP traffic from remote workers should also be closely monitored to ensure that viruses, worms or other digital nuisances do not travel to the IP PBX via the VPN connection. Lastly, monitoring should occur on the carrier side to monitor for attacks from the carrier network itself. This is true even if the trunk is not connected to the internet.

There are several ways to configure multiple firewalls so that one is specific to VoIP traffic while the other handles other data. They can be set up in line with the data firewall being the first line of protection and the VoIP firewall immediately behind it or the data firewall can handle data traffic on its own while still processing VoIP traffic after it has been filtered by the VoIP firewall. The last configuration is one of both the data and VoIP firewalls sitting behind a router where the data firewall and the VoIP firewall filter data exclusive to their individual purpose. Regardless of the configuration, having a separate VoIP firewall is another layer of security protecting both your voice conversations an IP phone system.

VoIP is innovative technology which time has come. With the proper configuration and security settings, VoIP telephony can be just as secure as telephony using circuit switched routing. VoIP security is easily achieved with planning and appropriate security measures.

Source by Steve Mike Levy