There are many ways to protect a VoIP network, but the first decision to make is: what are you protecting? In any type of IP communications (e-mail, Web, IM and now voice), you must first ask yourself the following questions: Do I need external communications? Is it two-way? What are my corporate policies? Are there legislative concerns I must address? Then you must take a look at the internal network and ask yourself: Do I need to separate this traffic for bandwidth concerns, policy needs or compliance requirements?
After looking through these criteria, you must address implementing a solution based on the capabilities of your servers. Can the basic implementation address the issues raised in the design phase? Where are the gaps? Are there third-party solutions that complement an existing implementation while enhancing the security aspects that must be addressed?
In the scenario you describe, you are proposing to separate the traffic by implementing a VLAN approach. This approach is quite costly (as you noted) and requires an investment in extra networking equipment. Yet this still allows a determined hacker the chance to 'sniff' the network and capture voice traffic. If separated traffic is the intent and a necessary requirement, easier options such as TLS between the phone (soft or hard) and the server would be a better design, reducing the hardware requirements while providing a more secure implementation.