3 Questions: VoIP security is coming to the forefront

Read about VoIP vulnerabilities before you make the decision about voice communications.

By Carl Weinschenk

With James Valentine, senior consultant, International Network Services. VoIP is gaining traction, but concerns remain. A major fear is that converging the voice and data network creates a single point of failure for what essentially is a company's entire telecommunications infrastructure. A related worry is exposing voice communications to the hacking and virus dangers traditionally associated with data networking.

This interview originally appeared in the IT Business Edge weekly report on "Optimizing Infrastructure." To see a complete listing of IT Business Edge weekly reports or sign up for this free technology intelligence agent, visit

Question: For a while, you didn't hear too much about VoIP's vulnerability to viruses and hackers. Is that changing?

Valentine: It's starting to come more to the forefront. Security is becoming a big issue for a lot of the enterprises that are looking at VoIP. The reason is that it's been getting a lot of press with vulnerabilities found in H.323 and SIP and various transport protocols available today. It's moved to the forefront during the last few months within the industry. There was a lot of talk of the vulnerabilities within SIP that could lead to session hijacking and spoofing the end points to perform toll fraud or actually provide disinformation.

Question: Fixing the protocols is, of course, beyond the realm of IT managers. What should they do?

Valentine: They should think about ensuring that their communications are secure with the encryption technology that is starting to come to the forefront and security policies that ensure rogue employee activity doesn't go unnoticed. There are really no particular special security practices other than normal good security practices to follow on the network. Keep up with patch updates. [IT managers] need to have intrusion detection systems in place to have networks actively monitored. They need to make sure firewalls are in place and configured correctly to block unnecessary ports into network.

Question: Will VoIP-specific security gear emerge?

Valentine: It will have to because different port numbers need to be opened on the stack [for VoIP]. They need specialized firewalls to let voice communications in and out. Those ports have to be closed down as soon as the communication is completed.

Editor's Picks