There is a concern regarding the internal possibility of 'man-in-the-middle' type of attacks, such as eavesdropping, interception, caller-ID fraud, etc. While this may sound fraught with danger, since all of the VoIP communications are internal, it will only cause an issue if the internal network is compromised by a trusted user, either onsite or through a secure remote connection.
VoIP installations do, however, become more of a security concern when the IP traffic containing the voice data is passed over the open Internet. This opens up the possibilities of all 'man-in-the-middle' attacks originating from every external IP address on the network (i.e. anyone), with the possibility of DoS attacks being directed against the open ports on your perimeter necessary for the VoIP traffic to communicate with the recipient.
Before you decide not to implement an open VoIP system though, it is important to remember that HTTP and SMTP suffer from the same issues. In the case of SMTP, you use a secondary system after your firewall to guard against attacks such as viruses, spyware, spam, DoS attacks, and other threats to your mail system. VoIP systems can be secured in a similar fashion with perimeter security devices giving you the protection to deploy IP PBX with the same piece of mind as you utilize your e-mail.
Dig Deeper on VoIP QoS and Performance
Related Q&A from Andrew Graydon
For best practices, what traffic logging should be performed at firewalls? Is there an encryption for Voice over IP -- for example, to protect ... Continue Reading
A law enforcement professional charged with understanding the ways that crimincals might abuse VoIP, gets expert advice from Andrew Graydon, Chair of... Continue Reading
Expert Andrew Grayson of VoIPSA explains some cost-efficient alternatives to keeping data and VoIP traffic on separate VLANs. Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.