The telecom security industry faces a battle for control. Those taking advantage of the digital networked economy in order to enhance prosperity are encountering increasingly sophisticated opposition from those who want to damage them by attacking it. One area where the struggle is particularly intense is in voice and data environments.
The benefits of convergence are well known. They include bandwidth efficiencies, cost reductions, enhanced scalability and improved productivity. This latter benefit stems mainly from the ability to run a broad range of applications over a converged network including video conferencing, unified messaging and flexible remote access. There are also significant economies of scale to be achieved from using just one management system to control the whole voice and data infrastructure.
In addition, running voice and data over a single infrastructure enables substantial hardware savings to be made and reduces the need for separate maintenance contracts to be negotiated. Also, cabling at the user site is significantly reduced by the provision of a single point at the user premises supporting both voice and data.
While these arguments may be well rehearsed, the security requirements of converged networks and the growing threats posed to these networks are not so well understood.
Before the advent of voice and data convergence, voice traffic was secure in the protective proprietary operating environment of PBX systems. Now, however, it is typically just another generic computing platform within a company's data system and consequently subject to the same risks that affect the data environment as a whole.
One potential area of vulnerability is the voice signaling server, used to set up and manage calls. If attackers manage to infiltrate these systems, they gain access to lists of incoming and outgoing calls and details about their duration. Moreover, if they breached the VoIP gateway, they potentially put voice conversations themselves at risk from eavesdropping, recording, replaying or even call redirection. Equally, the availability of the IP network could be endangered, threatening the ability of an organization to communicate via either voice or data.
For all these reasons, the security of data networks becomes of absolutely paramount importance when such networks are used to carry voice calls. When voice service fails even for a short time, it can have disastrous consequences. So what techniques can be used to protect voice traffic?
The security challenge
The challenge is in several parts. First, there is the need to secure the voice traffic when it is in transport. One potential countermeasure is effective encryption, ensuring that as the voice data transfers through the network infrastructure, it is sufficiently secured to prevent outside parties from accessing and reading it.
The second threat is intrusion -- people breaking either into the network itself or devices on the network and corrupting, reconfiguring or changing them. The standard approach here is to control user access by passwords. New types of 'fingerprinting' security systems are now being developed to monitor and track the activities of those who have broken into the network and to identify and eliminate any viruses they leave behind.
Despite these advances, there is still a degree of naivety in some quarters at the sensitivity of the marketplace to voice performance and voice resilience. But the industry is now starting to wake up to the significance of robust voice solutions and the importance of building this type of security functionality into voice applications. And many of the former data solutions giants are now putting their marketing muscle behind voice and exploiting it as a differentiating feature.
As a result, there is set to be significant market growth in solutions that are designed to protect IP telephony platforms. Equally, the value of IP telephony security is likely to receive greater recognition and more robust voice security built into the fully converged solutions currently being developed for customers.
A complex business
Of course, VoIP security cannot be seen in isolation. It is just one, albeit critical, part of the complex integration challenge facing providers of converged solutions today.
In the past, voice networks were very robust and built on long established and evolved standards. Equally the process of PBX configuration had become almost routine and voice transmission plans, interface and integration processes were all well practiced and well rehearsed.
Customers would generally purchase a PBX having previously specified its exact configuration and functionality. The pre-configured PBX would then be shipped to site and connected to the installed network circuits and the whole system would be ready to switch on.
Learn how to optimize voice over WAN, for more information.