Each element that comprises VoIP contains a processor running software and a TCP/IP stack that is addressable and accessible over the data network, all of which can be attacked.  Denial-of-service (DoS) attacks, unauthorized free calls due to hacked gateways, call eavesdropping and malicious call redirection are just some of the more common scenarios that can happen once your VoIP infrastructure is compromised.  And since it's IP based, viruses, spam and phishing can find their way to VoIP as well.

Security solution company CheckPoint provided the following tips for ensuring secure VoIP:

1.  Choose the VoIP protocols carefully.
Make sure selected equipment meets your requirements, not the other way around. Changing requirements in order to support specific vendor equipment is not recommended.

2.  Turn off unnecessary protocols.
There are enough unknown vulnerabilities that might be exploited with the protocols used. There is no need to extend the hackers' window of opportunity by enabling unnecessary and unused protocols and services.

3.  Divide and conquer works well for VoIP networks.
It's highly recommended to separate the VoIP and other IP-based infrastructure using physical or logical separators.
 
4.  Authenticate remote operations.
VoIP terminals can be remotely upgraded and managed. Make sure that you use only authorized personnel from authorized locations (based on IP addresses and unique usernames).

5.  Separate VoIP servers and the internal network.
Several security devices can't fully understand the VoIP signaling commands. As a result, they may open dynamic communications ports, leaving the network vulnerable to bounce attacks. This will allow an attacker to penetrate other business-critical network elements in the internal LAN.

6.  Make sure the VoIP security system can track the communications ports.
Security system should be able to read inside the signaling packets to discover the ports selected and enable two endpoints to send media packets to each other. It is also important that it can understand and enforce the proper chain of operations.

7.  Use Network Address Translation (NAT).
Even if in some cases, it poses a special problem for VoIP. NAT converts internal IP addresses into a single, globally unique IP address for routing across the Internet. The added value of hiding the network is invaluable.

8.  Use a security system that performs VoIP specific security checks.
A security system must be able to look inside the VoIP stream, analyze the call state and check for the service content, making sure that all parameters are consistent and make sense according to your business needs.

While it's true that VoIP security challenges will escalate as usage continues to grow, the threat is not enough reason for companies not to reap the benefits of VoIP.  All you need to do is to have a strong IP voice security policy and the right mix of security tools.  Another good news is a consortium of security experts, equipment vendors, researchers, and business people has formed to work on the security problems inherent in Voice over IP communications.

Why is this so?  Because the market for VoIP gateway technology is expected to reach almost $1 billion in size by the year 2009.  Growth in the market is expected to be steady and swift, starting from a baseline of $165.3 million in 2003 and reaching $985.7 million by 2009. (Jerry Liao)

**********

For your questions, comments, suggestions, press releases and stories, please e-mail techtvhost@yahoo.com.  God Bless us all!!!

**********