VoIP privacy on the WAN

Now, you're probably thinking several things about my little paranoid theory:

First, it's worth noting that although your government may not be spying on domestic traffic, many of you may work for multinational companies that do business globally. Thus, much of your traffic may route through several jurisdictions, each of which may be discouraged from spying on its domestic traffic but left free to spy on anything coming into or going out of the country. This was the theory behind Echelon.

Second, many people have pointed out that recording all the traffic that traverses the Internet would be quite a feat. Most have dismissed it as impossible. But text-to-speech and speech-to-text conversion software is pretty mature these days, and recording only those conversations with certain key words or with certain sources or destinations is a much simpler task. This possibility is one reason that encrypting voice traffic with SRTP (RFC 3711) is considered a best practice on the Internet, even though it isn't supported by most residential providers (such as Vonage).

Th

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT VoIP QoS and VoIP Security VoIP implementation study guide How will VoIP impact the quality of phone calls on our network? How does one cope with echo in a VoIP-enabled network? What's the best way to use an echo canceller? Does implementing VoIP security affect the QoS? How would one handle it, if it does? IBM, Avaya deals signal IP telephony quality control's coming of age Ensuring voice and video quality about more than watching packet flows Security concerns for enterprise Skype VoIP service selection: MPLS, VPLS or Metro Ethernet? Microsoft's Real-Time Codec (RTC) for VoIP optimization Disaster and recovery in the VoIP/IPT RFP Unified Communications Tech Tip The significance of Avaya's Aura UC buyers should look for SaaS-based UC offerings in 2009 Using the iPhone in the enterprise? Social networking and discussion forums for the enterprise Streaming Cisco's IP Communicator to an HP thin client Demystifying unified communications deployment strategies Presence management and security Presence: SIMPLE versus XMPP Four factors driving videoconferencing Consider IBM Lotus SameTime for UC, not just Microsoft OCS

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary vishing  (SearchUnifiedCommunications.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

is last thought is the most important point of this tip: You should realize that -- fundamentally -- the technology is the same for Internet and private WAN circuits. In fact, in many places, these circuits are probably logical provisions on the same physical fibers. From a practical standpoint, therefore, there's little difference between the public and private networks as far as privacy from sniffing is concerned.

Also, your private WAN traffic shares the same physical circuits with lots of other customers. This is true whether you use MPLS or a virtual circuit or point-to-multipoint technology such as ATM or Frame Relay. It's even true if your WAN is built from leased-lines such as T1s, which are circuit switched but still provisioned as small circuits over much larger physical connections in the backbone. Even as an innocent bystander, your company's data may still be at risk if an investigator obtains a warrant to sniff another company's data that happens to be serviced from the same POP. There are several ways to restrict the sniffing to a specific target, but no guarantee that they'll use one, or accountability if they don't.

Of course, each organization has to balance the cost of protecting its data with the risk of exposure, and most will conclude that additional security measures on their private WAN are not justified. But if you are concerned because you deal with sensitive data (e.g., medical records or technology research), then you should consider using SRTP on the WAN, just as you would on the Internet. And you might also consider encrypting each entire WAN circuit, if your topology permits.

About the author:
Tom Lancaster, CCIE# 8829 CNX# 1105, is a consultant with 15 years experience in the networking industry. He has co-authored several books on networking -- most recently,CCSP: Secure PIX and Secure VPN Study Guide published by Sybex.

Rate this Tip To rate tips, you must be a member of SearchUnifiedCommunications.com. Register now to start rating these tips. Log in if you are already a member. DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.