NIST publishes paper on VoIP security considerations

NIST publishes paper on VoIP security considerations

In January, 2005, the National Institute of Standards and Technology (NIST) released a publication entitled Security Considerations for Voice over IP Systems (Special Publication 800-58). What makes this paper both

    Requires Free Membership to View

    Login

    SearchUnifiedCommunications.com members gain immediate and unlimited access breaking industry news, expert advice on UC, technical guides, and more -- all at no cost. Join me on SearchUnifiedCommunications.com today!

    Kate Gerwig, Editorial Director

    By submitting your registration information to SearchUnifiedCommunications.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchUnifiedCommunications.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

interesting and worth reading is that it provides a darned good overview of key security issues facing organizations that use Voice over IP technology, and its inclusion of specific recommendations to help IT managers minimize security exposures that VoIP can pose. This paper has been circulating in draft form since mid-2004, and its authors include both government and industry experts in the VoIP field.

Among the many worthwhile security recommendations that the paper makes are the following:

  • Create logical separation between voice and data networks as much as is practical, rather than building single networks that completely lump both classes of service together. Likewise, VoIP firewalls make as much sense as do regular IP firewalls, so their deployment and regular testing and maintenance are also highly recommended.
  • Use of VoIP softphones (computer hookups with headsets, rather than standalone IP handsets) is discouraged in situations where either security or privacy is necessary or desirable. Here again, unnecessary convergence can increase vulnerabilities.
  • The paper also provides specific coverage of and recommendations for topics that include H.323 encryption issues and performance, SIP security issues and offsetting enhancements, VoIP gateway issues and security precautions, and VoIPSec issues and answers.

Organizations with existing or planned investments in VoIP technology should be at least mildly concerned about security issues, and will be pleased at the depth and detail in this report, along with its prescriptions for addressing issues and enhancing security where possible.

It's really great to see taxpayer dollars put to such undeniably good and effective use!

Ed Tittel is a regular contributor to numerous TechTarget Web sites, and the author of over 100 books on a wide range of computing subjects from markup languages to information security. He's also a contributing editor for Certification Magazine, and edits Que Publishing's Exam Cram 2 and Training Guide series of cert prep books. E-mail Ed at etittel@techtarget.com.


This was first published in February 2005

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.

Back to top