|
The Benefits of VoIP
Voice over Internet Protocol (Voice over IP or VoIP) allows users to make phone calls over the Internet, or any other IP network, using the packet switched network as a transmission medium rather than the traditional circuit transmissions of the Public Switched Telephone Network (PSTN). As the technology has become more reliable in recent years, companies have been moving to VoIP for a number of reasons. Consolidation of voice and data on one network reduces costs and results in a lower network total cost of ownership (TCO). Operating expense savings include lower long distance charges, reduced support costs and savings via workforce virtualization. Companies also use the migration to VoIP as an opportunity to replace aging telephony equipment with feature-rich technology like teleconferencing and collaboration/multimedia applications. VoIP supports increased mobility, since remote workers have the same access to voice features as corporate office employees.
Research organization Gartner Inc. recently reported that spending by US companies and public-sector organizations on VoIP systems is on track to grow to $903 million in 2005 (up from the $686 million in 2004). By 2007, Gartner expects 97 percent of new phone systems installed in North America to be VoIP or hybrids.
Planning and Implementing VoIP Security
While it is true that Voice over IP can provide savings over traditional telephony solutions, there are security risks associated with this technology that need to be addressed. Risks include denial of service (DoS), service theft, unauthorized call monitoring, call routing manipulation, identity theft and impersonation, among others. Not only does VoIP inherit all data network security risks, but it introduces new vectors for threats related to the emerging and untested technology and protocols associated with VoIP. These new threat vectors in turn increase the risk to the data network.
Companies may spend $100,000 or more on network upgrades required to support a VoIP implementation, yet they may overlook VoIP security during their network assessment. Many enterprises assume that their existing security policies are adequate. And in many cases, executives do not include security managers in the decision-making process (either for purchase or deployment of VoIP).
The technology behind VoIP is a complex collection of protocols, applications and appliances that all require attention when planning a new implementation or conducting risk assessments of existing technology. An ideal VoIP security solution provides multi-layered, preemptive protection from threats affecting both traditional data-driven network traffic and the underlying infrastructure, devices and protocols that support VoIP data transmissions, all without interrupting Quality of Service.
ISSUES ASSOCIATED WITH VoIP SECURITY
The biggest threats associated with VoIP are service disruption or degradation (DoS) and remote compromise that can lead to unfettered access to an enterprise's critical systems and the confidential information stored on those systems. Attack prevention and the preservation of Quality of Service are the key requirements for a VoIP protection system.
Quality of Service (QoS)
VoIP requires higher standards of Quality of Service and availability than are accepted on worldwide data networks. The degree of latency that may be acceptable for data traffic cannot be tolerated for voice transmissions. Any threat that disrupts service, even slightly, or compromises call integrity could result in a service outage. Executives contemplating or undergoing the switch to VoIP need to consider how an outage might impact their business. A prime example of VoIP risk is a business call center undergoing a denial of service attack. The "lines" would be flooded; no calls could get through. The cost of network cleanup and recovery may be substantial, but that pales in comparison to the cost of lost business opportunities while the network is down. Fortune magazine data shows that Fortune 1000 companies earn revenues per minute ranging from $9,000 to $258 million, with an average of $62,000 per minute2. Such financial losses from VoIP network downtime are unrecoverable.
Integrated VoIP technology assures Quality of Service through multiple devices including routers, VoIP-specific servers, the virtual private networks (VPNs) across which the traffic might travel, and third party products. Security solutions protecting the VoIP network should honor QoS and protect against Denial of Service in order to assure the network's quality and reliability.
|
