In the age of VoIP, when data and voice packets travel along the same cyber highway, it is natural that the number of security concerns is growing. With more information that can be intercepted, corrupted or accessed unlawfully, hackers have more loopholes than ever to exploit for fun or personal gain.
Those managing IT departments with VoIP systems would therefore do well to ensure that vulnerabilities are patched, both to minimize threats and to mitigate the effects on data and voice flow should an attack occur. For VoIP, the two factors that must be considered in detail are:
As voice calls can easily be intercepted and accessed by people other than the intended recipient using packet sniffers and other packet-capturing techniques, it is necessary to encrypt the signal and voice packets on the sending end and decrypt them only when needed by the intended recipient.
Packets can be encrypted at the IP level, using the IPSec encryption algorithms and security protocols, so that they are unintelligible to anyone who intercepts the VoIP traffic. Encryption can also be done at the application level with VoIPSec (VoIP using IPSec), which prevents man-in-the-middle attacks, packet sniffing and voice traffic analysis. Fortunately, obstacles to using IPSec or VoIPSec, such as a slow crypto-engine that degrades Quality of Service (QoS), can now be overcome by new developments such as a VoIP-aware crypto scheduler that relieves the encryption bottlenecks.
Today’s networks almost always include firewalls that block intrusive, invasive or malicious traffic that tries to access a LAN, WAN or even just a single computer. They are the first line of defense against attacks, with all traffic not meeting the firewall’s requirements being blocked.
Firewalls are both a blessing and a curse for VoIP networks. Since a firewall filters all traffic, it creates a bottleneck that real-time applications like VoIP hate, as it causes latency (delay), jitter and packet loss that ultimately result in poor voice quality. But the alternative of leaving some ports open to allow VoIP traffic to pass through unfiltered would expose the system to possible attacks. On the other hand, VoIP networks can be configured to simplify and centralize security configurations at the firewall gateway instead of having these at each endpoint, dramatically reducing the burden.
Using a VoIP-aware Application Layer Gateway (ALG), which can parse and understand VoIP traffic signals and dynamically open or close the needed ports, is one option for enabling VoIP signals to traverse firewalls. A Session Border Controller (SBC), a dedicated appliance that offers firewall/NAT traversal and other security features, can also be used, although the latter is not yet commonly available.
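The following sketch shows how an ALG of the kind described above could decide which ports to open and close. It is an added example, not code from any real ALG or SBC product: it assumes SIP signaling with an SDP body, and the names `parse_sdp_media`, `PinholeTable` and the `MIN_PORT` policy are hypothetical.

```python
import re

# Constructed sample SIP messages (not captured traffic); 192.0.2.0/24 is a documentation range.
INVITE = (
    "INVITE sip:bob@example.com SIP/2.0\r\n"
    "Call-ID: a84b4c76e66710\r\n"
    "CSeq: 1 INVITE\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "c=IN IP4 192.0.2.10\r\n"
    "m=audio 49170 RTP/AVP 0\r\n"
)
BYE = "BYE sip:bob@example.com SIP/2.0\r\nCall-ID: a84b4c76e66710\r\nCSeq: 2 BYE\r\n\r\n"
# Constructed SDP that asks for a low, non-media port; the policy below refuses it.
BAD = INVITE.replace("a84b4c76e66710", "ffff0000").replace("49170", "22")

def parse_sdp_media(msg):
    """Return [(ip, port)] for every RTP media line in the SDP body."""
    body = msg.partition("\r\n\r\n")[2]
    conn = re.search(r"^c=IN IP4 (\S+)", body, re.M)
    media = re.findall(r"^m=\w+ (\d+) RTP/S?AVPF?\b", body, re.M)
    return [(conn.group(1), int(p)) for p in media] if conn else []

class PinholeTable:
    """Tracks dynamically opened UDP ports per SIP Call-ID."""
    MIN_PORT = 1024  # assumed policy: never open well-known ports on SDP's say-so

    def __init__(self):
        self.open = {}  # call_id -> set of (ip, port)

    def process(self, msg):
        head = msg.partition("\r\n\r\n")[0]
        call_id = re.search(r"^Call-ID:\s*(\S+)", head, re.M | re.I)
        if not call_id:
            return
        cid, first = call_id.group(1), head.split("\r\n", 1)[0]
        if first.startswith("BYE "):
            self.open.pop(cid, None)  # call ended: close its pinholes
        elif first.startswith(("INVITE ", "SIP/2.0 200")):
            for ip, port in parse_sdp_media(msg):
                if self.MIN_PORT <= port <= 65534:
                    # RTP on the signalled port, RTCP conventionally on port + 1
                    self.open.setdefault(cid, set()).update({(ip, port), (ip, port + 1)})

    def allowed(self, ip, port):
        return any((ip, port) in holes for holes in self.open.values())
```

Media ports are reachable only between the INVITE and the BYE for that call, so nothing has to stay permanently open, and the port check keeps signaling content from being used to open arbitrary services.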
With the increasing popularity of VoIP, it is imperative for network designers and administrators to make use of all available technologies to resolve the incompatibilities and overcome the problems posed by adding VoIP to the data network. Ensuring the protection of voice and data packets must also be given priority, as data loss or corruption can lead to very serious consequences.