Though the modern business world is becoming ever more data-centric, voice still reigns as king. If you want to create a client relationship, secure a business deal or safely discuss sensitive information your voice is your greatest tool. Voice over IP can, however, run foul of traditional security challenges that beset modern data communications, including address spoofing used to hijack a phone number, or Denial of Service (DoS) attacks (which is possible due to a shortcoming of TCP/IP during the establishing of a connection). Deploying a firewall will counter such traditional assaults, but does little to counter the more targeted attacks from sniffers and eavesdroppers.
Eavesdroppers can easily access software designed to convert misconfigured IP phone conversations into wave files for playback on ordinary sound players. To counteract such sniffer activities and secure voice calls, businesses need to seriously consider encrypting voice. One possibility is to do this via a virtual private network (VPN) tunnel, either using AES or DES (Data Encryption Standard) for the encryption the signaling and streaming components of a VoIP call. A second option is to use secure real time protocol (SRTP) for encrypting the streaming part of the VoIP call.
However, securing voice traffic raises new challenges for the technology as voice packets need to be submitted to encryption and traverse the firewall without suffering undue latency. Slowing of transmission, short breaks or interuptions in data communication is generally not going to be too noticable, but when it comes to voice the quality of service (QoS) is absolutely critical. As conversationalists we are highly conscious of correct audio, so latency issues causing breaks in speech therefore become rapidly tiresome.
For this reason, any business seeking to address the security of its voice calls over the Internet needs to ensure that any system deployed, as well as providing the aforementioned levels of encryption, also needs to address the demands of traffic management to ensure quality of service. This is especially important because voice packets are sent using the user datagram protocol (UDP) which offers no guarantee of delivery.
One essential element in managing traffic while ensuring security is the traversal of the network address translation device (NAT) and of the firewall. NAT helps to ensure security since each outgoing or incoming request for an Internet Protocol address must go through a translation process that also offers the opportunity to qualify or authenticate the request or match it to a previous request.
For that reason, businesses seeking to deploy a Voice over IP infrastructure must therefore ensure proper traversal of both NAT and Firewall, which can be accomplished by either integrating an application level gateway (ALG) or by using STUN, enabling the Simple Traversal of UDP through the NAT.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.