Subscribe

How secure is your VOIP?

One of the most important ways in which VOIP is safer, is how it will keep prying ears away from potentially private business conversations, says Mitchell Barker, CEO of WhichVoIP.co.za.


Johannesburg, 05 Feb 2015

Since Voice over Internet Protocol (VOIP) makes use of the Internet to convert voice calls into data packets and send it via the Web until it reaches its destination, there have been fears that it is therefore susceptible to the same threats and attacks as the regular network.

Although this is true, many industry experts maintain that VOIP beats analogue phones hands(ets) down when it comes to security.

Among them is Mitchell Barker, founder and CEO of WhichVoIP.co.za, a directory Web site containing a comprehensive list of South Africa's top VOIP providers. According to him, one of the most important ways in which VOIP is safer, is how it will keep prying ears away from potentially private business conversations, since VOIP is far more difficult to eavesdrop on than a traditional, analogue phone line.

"This is because the voice data packets at the heart of VOIP calls are usually encrypted," he explains. "Yet, on traditional phone lines, the callers' voices are broken into analogue electrical signals which are then sent over telephone lines. Such analogue signals cannot be encrypted, which is why it is much easier to trace, bug and intercept calls on PSTNs (public switch telephone networks) by merely placing listening devices inside phone handsets. And even on cellular phones and wireless handsets, radio scanners can pick up signals."

While Barker concedes there are an increasing amount of hackings, viruses and other attacks aimed at Web-based devices and services - including VOIP - he says such onslaughts require great skill, effort and sophistication to execute. "Since VOIP calls are converted into data packages, hackers must find a way to convert and translate various bits of binary data into the actual voice conversation that took place."

He admits there are conversion tools available and other ways for hackers to eavesdrop, but says there are still more ways in which VOIP can be protected against attacks and other security vulnerabilities than analogue phone systems. "Since the attacker requires access to the LAN segment the VOIP packet is travelling across, your business should use Ethernet switches instead of hubs, since this will limit the amount of places where such exploits are possible."

Barker cautions eavesdropping is not the only way in which VOIP calls could be compromised. "There are denial of service (DOS) attacks too, which is when your service is disrupted due to hackers flooding your network with large amounts of data. Then there is also something called VOIP spam or SPIT, which stands for spam over Internet telephony," Barker explains. "This is when spammers send out massive amounts of automatically dialled pre-recorded phone calls using VOIP, calling victims hundreds of times. SPIT spammers exploit the SIP (session initiation protocol) technology used in VOIP to carry out these attacks."

The good news is that there are ways in which VOIP users can protect themselves from these attacks, Barker says. "SPIT can be mitigated and prevented by blacklisting and whitelisting possible spammers, via consent-based communication and by using audio captchas (asking callers to answer specific questions before their call is put through). And carefully configurated firewalls can be used to mitigate DOS attacks against VOIP networks."

In conclusion, Barker says the security of VOIP depends largely on the safety of the underlying network. "If the company network is not secure, then your VOIP will also be at risk of these above-mentioned attacks. The security of the company's entire network is the foundation upon which your VOIP is built, so if that is strongly secured, then your VOIP will also be less susceptible to attacks."

Share

Editorial contacts

Chyrisse
WhichVoIP
chyrisse@whichvoip.co.za