EXPERT RESPONSE
Currently there is a lot of commentary and information available about the security of VoIP systems which is, to be blunt, pure scaremongering. Typically, in an implemented VoIP installation of an IP PBX, with IP hard phones on the desk and a connection from the IP PBX to the PSTN provider using a PRI or similar trunk, there are no external security concerns. This type of installation, which accounts for the majority of enterprise and SMB implementation, is considered a 'campus' system and is as secure externally as any current digital or analog PBX installation. There is, however, one small security issue with this type of installation.
There is a concern regarding the internal possibility of 'man-in-the-middle' type of attacks, such as eavesdropping, interception, caller-ID fraud, etc. While this may sound fraught with danger, since all of the VoIP communications are internal, it will only cause an issue if the internal network is compromised by a trusted user, either onsite or through a secure remote connection.
VoIP installations do, however, become more of a security concern when the IP traffic containing the voice data is passed over the open Internet. This opens up the possibilities of all 'man-in-the-middle' attacks originating from every external IP address on the network (i.e. anyone), with the possibility of DoS attacks being directed against the open ports on your perimeter necessary for the VoIP traffic to communicate with the recipient.
Before you decide not to implement an open VoIP system though, it is important to remember that HTTP and SMTP suffer from the same issues. In the case of SMTP, you use a secondary system after your firewall to guard against attacks such as viruses, spyware, spam, DoS attacks, and other threats to your mail system. VoIP systems can be secured in a similar fashion with perimeter security devices giving you the protection to deploy IP PBX with the same piece of mind as you utilize your e-mail.
|
