Worried about security issues? Who isn't? Automatically sign up for our free Security Solutions newsletter, delivered each Friday, and get hands-on advice for locking down your systems.Voice over IP (VoIP) technology is becoming more and more prevalent in corporate networks. Depending on the size of a company and the monthly costs for local and long distance service to separate networked sites, it can prove cost-effective to implement a VoIP network.
When deciding whether to implement VoIP, organizations should focus on quality of service (QoS) through the network as well as the cost of deployment. These two major areas require significant study and attention before beginning a VoIP project.
In addition, organizations should take several security precautions into consideration before beginning an implementation. For example, don't use the same IP addressing scheme as your current network; this helps protect the new network from misuse and denial-of-service attacks.
In order to protect your VoIP network, it's important to understand VoIP protocols and the problems that you might encounter.
Know the protocols
A VoIP deployment could use several protocols to go through its call signaling, call control, and media communications. These protocols use a wide range of ports to provide VoIP functionality.
Depending on your VoIP vender, these protocols could include the following:
Prepare for these security problems
As you can see, VoIP depends heavily on UDP traffic. However, this yields two significant security problems.
VoIP work with a network using Network Address Translation
NAT has several notorious limitations. It modifies the source and/or destination address at the IP layer of the OSI (Layer 3).
In addition, it doesn't modify the upper layer protocols used by VoIP (Layer 4 and 5). It embeds the port assignments that these protocols negotiate within the IP payload.
VoIP work through a firewall?
By default, most firewalls deny an outside connection that has no corresponding internal origination. By design, firewalls only allow outside traffic from well-known ports. But VoIP traffic randomly uses high UDP ports for inbound calls.
Deploying VoIP technology involves several major hurdles. During your planning phase, check with the vendor of your current network and firewall equipment to see if it offers any support for VoIP applications. This can help build security into your initial deployment.
Also plan for fault tolerance and redundancy. Extending a live VoIP network is much more difficult than just adding disks to an array.
Keep in mind that VoIP is still an emerging technology. It's a good idea to wait until it matures before deploying it, and then you can learn from others' mistakes.