Our forums are currently in maintenance mode and the ability to post is disabled. We will be back up and running as soon as possible. Thanks for your patience!

General discussion


Securing VoIP in Today?s Technology

By Larry K ·
VoIP provides a means of providing telephony over an existing IP network. However, for reasons including QoS, scalability, manageability, and security, deployment of IP telephony devices and IP data devices should be deployed on two logically different IP segments. The combination of data and voice segmentation and a switched infrastructure strongly mitigates call eavesdropping attacks. In addition, limiting logical access to VoIP components is necessary for protecting telephony applications running across the infrastructure. Logically, segregating data from telephony by placing VoIP servers and subscriber terminals on logically separate IP networks while controlling access to these VoIP components through IP filters will help to ensure the security and aid in protecting the VoIP environment from external threat.

(VoIP STIG, V1R1 Field Security Operations
13 January 2004 Defense Information Systems Agency)

This by no means is the end all. Segregation of the logical address is just the beginning. Other considerations must be taken to ensure a secure VoIP system. There will be instances where segregating the logical address may not be helpful; for instance, when there is a need for a VoIP system to communicate with a data network. In this scenario, NAT (network address translation) should be implemented between the VoIP/data segment.

Firewalls and IDS should be used. Because VoIP Security is so closely related to many of the disciplines of network security, all standard security practices used for networks should also apply.

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -


by Jaqui In reply to Securing VoIP in Today?s ...

any networking tech should have standard security practices used in conjunction with it.

after all, isn't connecting onto a network opening the doors for security riks?

Related Discussions

Related Forums