Slashdot Mirror

← Back to Stories (view on slashdot.org)

Security In Voice Over IP Converged Networks

Posted by timothy on from the prince-albert-in-a-can dept.

dotslash writes: "This article at Internet Telephony Magazine has a very interesting analysis of security issues created by converging data and telephony networks with VoIP: "When the phenomenon of "convergence" between telephony and Internet started, it also brought closer the world of the phreaker and the hacker. VoIP brings all this to the next level. Unfortunately, the security inherent in VoIP solutions is equivalent to that of the early Internet: Non-existent.""

2 of 113 comments (clear)

  1. Security inherited from IP network? by gatekeep · · Score: 4, Insightful

    Granted, security should be implemented at each layer if possible, but wouldn't VoIP inherit the security of the IP network itself? So far, most VoIP installations I've seen/heard about are either within an office, connecting handsets to a PBX with traditional trunks, or between offices of the same company using their internal WAN. Granted you can still have attacks internally, but in neither of these scenarios is it very easy for the general public to snoop or intercept your phone calls.

    That said, I really don't see VoIP on a large scale taking off for a while. Two things need to occur before that happens;

    - Suitably fast data service has to be ubiquitous. Spotty DSL/Cable coverage won't do it.
    - Said data service has to be less expensive than conventional phone service. This one's a no brainer.
    - Wireless data on a large scale would help as well.

    So far, I don't see these criteria being met in all but niche markets, and that's exactly where VoIP has found itself... for now.

  2. Been there, but most other haven't... by xt · · Score: 5, Insightful

    Only a couple of months ago, we finished a roll-out for IP phones. The client was a bank and security was the top consideration. In essence, whatever worked to secure data, worked to secure VoIP. The problem in general is not with the technology; it is with the "old school" PBX designers and engineers.

    I have met quite a few people, extremely skilled with PBXs, who view data networks as a black box and have almost no knowledge or methodology to work with products that use them, much less secure them.

    When these people grasp the realities of the new, converged, technology, we can expect to see quite a few changes both on VoIP systems' built-in security and fail-safe operation.