Slashdot Mirror


Security In Voice Over IP Converged Networks

dotslash writes: "This article at Internet Telephony Magazine has a very interesting analysis of security issues created by converging data and telephony networks with VoIP: "When the phenomenon of "convergence" between telephony and Internet started, it also brought closer the world of the phreaker and the hacker. VoIP brings all this to the next level. Unfortunately, the security inherent in VoIP solutions is equivalent to that of the early Internet: Non-existent.""

4 of 113 comments

  1. Security inherited from IP network? by gatekeep · Score: 4, Insightful

    Granted, security should be implemented at each layer if possible, but wouldn't VoIP inherit the security of the IP network itself? So far, most VoIP installations I've seen/heard about are either within an office, connecting handsets to a PBX with traditional trunks, or between offices of the same company using their internal WAN. Granted, you can still have attacks internally, but in neither of these scenarios is it very easy for the general public to snoop or intercept your phone calls.

    That said, I really don't see VoIP on a large scale taking off for a while. Two things need to occur before that happens:

    - Suitably fast data service has to be ubiquitous. Spotty DSL/Cable coverage won't do it.
    - Said data service has to be less expensive than conventional phone service. This one's a no-brainer.
    - Wireless data on a large scale would help as well.

    So far, I don't see these criteria being met in all but niche markets, and that's exactly where VoIP has found itself... for now.

  2. Who really gives a shit! by noahbagels · Score: 3, Insightful

    Sorry for swearing - but everyone reading /. is adult enough to get a dose of reality.

    If you're actually reading this thread - you're wasting your time.

    Do you really care if someone can easily tap your phone conversations?

    More importantly:

    Is the value of your conversation worth the energy required for someone to crack your phone call?

    In a security course (both in college, and later in a Cisco class) we heard that the risk is equal to the value divided by the effort required to get at that value.
    Now: I don't believe this quote exactly, but its point is clear.

    Nobody I know would spend the effort required to tap my personal line just to hear something I might not tell them directly.
    Further: Companies with secrets can use:

    I. Standard Non-Secure Phone Lines

    II. Secure VoIP solutions

    III. Standard VoIP solutions over a VPN
    ... need I go on?

  3. Been there, but most others haven't... by xt · Score: 5, Insightful

    Only a couple of months ago, we finished a roll-out for IP phones. The client was a bank and security was the top consideration. In essence, whatever worked to secure data, worked to secure VoIP. The problem in general is not with the technology; it is with the "old school" PBX designers and engineers.

    I have met quite a few people, extremely skilled with PBXs, who view data networks as a black box and have almost no knowledge or methodology to work with products that use them, much less secure them.

    When these people grasp the realities of the new, converged, technology, we can expect to see quite a few changes both on VoIP systems' built-in security and fail-safe operation.

  4. Re:Simple Answer by homer_ca · Score: 3, Insightful

    That's pretty much it. Educate the users so they are aware of the level of privacy. Police, fire, taxis and pilots have for years used (and still use) unencrypted analog two-way radios. Anybody with a scanner could eavesdrop on them, and they lived with that risk.

    I'm not saying it's a good idea to just forget about security, but people should remember there's nothing sacred about privacy in electronic communications. If it's really important to keep something secret, don't say it on an insecure line.