November 7, 2005

Enterprises can shore up VoIP security says VeriSign

Security threats to enterprise VoIP are real, but there is hope that VoIP will not be plagued with the same chronic security issues as its counterparts, such as e-mail, said security outfit VeriSign Inc yesterday.

By CBR Staff Writer

In its latest Internet Security Intelligence Briefing, published today, VeriSign outlines ways enterprises can shore up security when using VoIP.

The key, said VeriSign principal scientist Phillip Hallam-Baker, is to consider vulnerabilities in VoIP protocols and in the ways VoIP security relates to broader enterprise infrastructure.

In short, companies should be aware that a VoIP network breach would likely affect other network infrastructure, including their data networks, Hallam-Baker said.

“I expect to see some problems caused where VoIP allows Internet criminals to access the telephone network in ways that can’t be traced,” Hallam-Baker said. “That’s the type of thing that gives me concern.”

Part of the problem is that VoIP protocols are not firewall friendly. That’s because VoIP protocols were designed at a time when firewalls were generally considered a temporary security measure that would be quickly superseded by encryption technologies such as IPSec, which did not happen.

Also, unlike HTTP and SMTP, which use a single service port for incoming connections, the VoIP signaling protocols, including SIP, require a dynamic data connection, VeriSign said. Moreover, a VoIP packet does not have a clearly recognized signature, making it difficult for a network administrator to distinguish actual VoIP traffic from the control channel for a Trojan concealed within the enterprise network, the report said.

“You want to apply best practices in your VoIP deployment,” Hallam-Baker said. “You want to make sure that you maintain the isolation between your data network and phone network; and that you understand the consequences of making that particular change.”

If not, VoIP deployment may lead to compromised enterprise firewalls, he said.

Enterprises should audit and maintain firewall configuration. One approach is to deploy a pinhole routing system to ensure that the ports used by the VoIP signaling mechanism are opened only for the VoIP system and only when in use. Another is to isolate VoIP systems by keeping VoIP and data traffic separate using a different physical network or a VPN.

“Enterprises need to ensure they don’t negate the value of their existing infrastructures,” Hallam-Baker said.

Unlike e-mail and other Internet applications, VoIP has a couple of things in its favor as far as security goes, he said. One is that VoIP interacts with traditional telephony networks, which are much less diversified than the Internet.

In other words, there are fewer infrastructure players in telephony than on the Internet, and the number of control points in traditional telephony is relatively small, Hallam-Baker said. Therefore, maintaining vigilant security measures may be less complicated. “So, there is actually some degree of reason for hope,” he said.

“If we continue to take things seriously, there’s no reason why VoIP security should become chronic,” he said. “The biggest problem would be overconfidence and complacency. If we can avoid complacency and the idea that you can take shortcuts… then we should be fine.”
