Securing VoIP

October 2013 Cyber Security

Voice over IP (VoIP) is seen as a reliable, cost effective medium for voice communications the world over. However, since it’s based on IP (the Internet protocol), it is also vulnerable to the dangers facing other uses of IP, such as data transactions over the Internet. Hi-Tech Security Solutions spoke to Chris Sutherland, brand manager for Miro to find out more about VoIP as well as the security implications of using this technology.

Hi-Tech Security Solutions: VoIP is being marketed as a good communications medium, but it still depends on network performance and prioritising voice over other data. What kind of bandwidth does a company need to ensure good voice communications over VoIP?

Chris Sutherland: The network speed actually isn’t too much of a concern as VoIP takes up a very minimal amount of bandwidth. On a straightforward 100 Mbps network, you would be able to have thousands of VoIP calls with no issues. The problem is network architecture and how reliable your network is. Many companies have built networks and upgraded networks by simply bolting on extra switches and devices with no concern for network architecture or reliability. This means that the more networking hardware you have in a company, the more latency, lost packets and variability in latency you will have, especially when using low cost network equipment such as cheap switches. These latency issues and lost packets are absolute killers for VoIP traffic and will have a large effect on your voice quality.

The next thing you have to worry about is what type of traffic is the VoIP data going to have to share the infrastructure with. If the company is simply going to be browsing the Internet and sending e-mails through their network, then VoIP will happily run alongside this traffic as there will be plenty of spare network speed/throughput available. If the company is going to be maxing out their network lines by transferring large files such as AutoCAD drawings and the like, this can affect the performance of VoIP considerably and a separate, dedicated cable network should rather be considered for the VoIP infrastructure. If a separate cabled infrastructure is not an option, then you should segment your network and separate the VoIP traffic from the other standard network traffic by means of QoS. This allows you to give priority to the VoIP traffic, and ensure top quality voice calls. This type of setup can be achieved with network routers such as MikroTik, and by making use of managed network switches such as Edgecore, which will understand and operate with advanced network protocols such as VLAN.

Hi-Tech Security Solutions: What about when you break out into the Internet? We’ve all had Skype calls that are patchy even on supposedly good lines, how do you ensure quality when using infrastructure that does not belong to you and is not controlled by you?

Chris Sutherland: With Internet connectivity, there is unfortunately no guarantee of line quality. If you are going to be using standard Internet lines, QoS (Quality of Service) is key here. Being the owner of your network, you should know the types of traffic that are coming in and leaving your network, and you should put top priority to your VoIP traffic over any other type of Internet traffic. This doesn’t have to be an expensive exercise either.

The best option for VoIP connectivity is a closed system. Most top end VoIP providers are able to provide you with a breakout connection such as a wireless link, Diginet line, Fibre line etc., which communicates on a closed network, meaning the breakout link is only capable of carrying VoIP traffic, and no Internet connectivity is available. The VoIP providers are in direct control of these lines and can assure a much better voice quality and service. This closed system will of course also add a great deal of security to your system, as no outside Internet attacks are possible. I would not recommend ADSL lines for VoIP, regardless of whether or not they are dedicated to the VoIP provider, as ADSL is a heavily oversubscribed service and cannot offer the quality that VoIP requires.

Hi-Tech Security Solutions: We’ve also all heard about hackers and vulnerabilities involved when transmitting data over the Internet or even a corporate WAN, how does one secure VoIP traffic to prevent people listening?

Chris Sutherland: The only way to truly secure your VoIP traffic, is to secure your network. Firewalls, appropriate wireless security methods (WPA2) and managed Internet lines are top priority here and not just for VoIP traffic, but all traffic. VoIP trunks themselves can have an encryption method turned on, but the VoIP provider will need to support this feature. Of course, one of the best things to do is make use of a closed breakout connection which your VoIP provider will supply. This is an outbound line, but with no Internet traffic. It is purely dedicated to carrying voice traffic to and from your VoIP provider, and nowhere else, meaning there is no chance of outside tampering.

Hi-Tech Security Solutions: How can one secure against people, for example, hacking into the company WiFi network and then using the VoIP infrastructure to make calls or inject malware into the organisation? Is this something that can happen?

Chris Sutherland: This is a very large possibility, and again, it all comes down to security. Many people do port forwarding to their VoIP server so that they can access it remotely and perform remote configurations and remote VoIP calls. This is a great feature of VoIP, but is a massive security risk as this opens the door for others to remotely see your server and start their hacking attempts. This often results in VoIP servers being compromised, and thousands of Rands in phone calls being placed within a few hours, resulting in a large, unexpected phone bill.

The best way to avoid this scenario, but keep the remote functionality, is to make use of VPNs. VPNs are secure, robust and provide you with all of the remote access you need. You can now remotely configure the PBX from anywhere in the world, make phone calls from anywhere in the world, but not before you dial up to your network with an encrypted username and password.

For more information contact Miro Distribution, 086 123 MIRO, riandi@miro.co.za, www.miro.co.za



Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Cybersecurity comment: Cyber threats remain relentless
Issue 4 2020, CA Southern Africa , Cyber Security
Over 80% of email-based threats in Q1 2020 leverage COVID-19 in some form to feign legitimacy to the end user.

Read more...
11 essential steps to reinforce cybersecurity
Issue 4 2020 , Cyber Security
Wayne Olsen has compiled a guideline to ensure that businesses and their employees are protected while working remotely.

Read more...
Cybersecurity comment: Securing the real endpoint
Issue 4 2020 , Cyber Security
The corporate perimeter is fast becoming irrelevant, as the so-called security boundary extends to wherever an Internet connection exists.

Read more...
Don’t squeeze your cyber assets
Issue 4 2020 , Cyber Security
Inadequate investment in cybersecurity is directly related to the spate of cyberattacks we’re seeing in South Africa now.

Read more...
Cybersecurity comment: Create layers of security
Issue 4 2020 , Cyber Security
Any organisation, whether large or small, public or private, should follow an established framework in order to protect itself against cyber threats.

Read more...
Next-generation security operations centre
Issue 4 2020, AVeS Cyber Security , Cyber Security
Pay-as-you-use cybersecurity from AveS allows all businesses access to world-class expertise.

Read more...
Strengthen your passwords for world password day
Issue 4 2020 , Cyber Security
May 7 is World Password Day and KnowBe4 is providing tip sheets, videos and tools to help people strengthen their passwords.

Read more...
Tips on secure remote working
Issue 3 2020 , IT infrastructure, Cyber Security
NordVPN advises how to stay secure while working from home during the coronavirus outbreak.

Read more...
The Trojan that’s nearly impossible to remove
Issue 3 2020, Kaspersky , Cyber Security
xHelper – the Trojan that’s nearly impossible to remove – continues to infect thousands of devices. How can you stay safe?

Read more...
Have your security on lockdown over the lockdown
Issue 3 2020, Vox Telecom , Cyber Security
It’s a given that people working from home have fewer security defences on their home networks than they would have in the office.

Read more...