Securing VoIP

October 2013 Information Security

Voice over IP (VoIP) is seen as a reliable, cost effective medium for voice communications the world over. However, since it’s based on IP (the Internet protocol), it is also vulnerable to the dangers facing other uses of IP, such as data transactions over the Internet. Hi-Tech Security Solutions spoke to Chris Sutherland, brand manager for Miro to find out more about VoIP as well as the security implications of using this technology.

Hi-Tech Security Solutions: VoIP is being marketed as a good communications medium, but it still depends on network performance and prioritising voice over other data. What kind of bandwidth does a company need to ensure good voice communications over VoIP?

Chris Sutherland: The network speed actually isn’t too much of a concern as VoIP takes up a very minimal amount of bandwidth. On a straightforward 100 Mbps network, you would be able to have thousands of VoIP calls with no issues. The problem is network architecture and how reliable your network is. Many companies have built networks and upgraded networks by simply bolting on extra switches and devices with no concern for network architecture or reliability. This means that the more networking hardware you have in a company, the more latency, lost packets and variability in latency you will have, especially when using low cost network equipment such as cheap switches. These latency issues and lost packets are absolute killers for VoIP traffic and will have a large effect on your voice quality.

The next thing you have to worry about is what type of traffic is the VoIP data going to have to share the infrastructure with. If the company is simply going to be browsing the Internet and sending e-mails through their network, then VoIP will happily run alongside this traffic as there will be plenty of spare network speed/throughput available. If the company is going to be maxing out their network lines by transferring large files such as AutoCAD drawings and the like, this can affect the performance of VoIP considerably and a separate, dedicated cable network should rather be considered for the VoIP infrastructure. If a separate cabled infrastructure is not an option, then you should segment your network and separate the VoIP traffic from the other standard network traffic by means of QoS. This allows you to give priority to the VoIP traffic, and ensure top quality voice calls. This type of setup can be achieved with network routers such as MikroTik, and by making use of managed network switches such as Edgecore, which will understand and operate with advanced network protocols such as VLAN.

Hi-Tech Security Solutions: What about when you break out into the Internet? We’ve all had Skype calls that are patchy even on supposedly good lines, how do you ensure quality when using infrastructure that does not belong to you and is not controlled by you?

Chris Sutherland: With Internet connectivity, there is unfortunately no guarantee of line quality. If you are going to be using standard Internet lines, QoS (Quality of Service) is key here. Being the owner of your network, you should know the types of traffic that are coming in and leaving your network, and you should put top priority to your VoIP traffic over any other type of Internet traffic. This doesn’t have to be an expensive exercise either.

The best option for VoIP connectivity is a closed system. Most top end VoIP providers are able to provide you with a breakout connection such as a wireless link, Diginet line, Fibre line etc., which communicates on a closed network, meaning the breakout link is only capable of carrying VoIP traffic, and no Internet connectivity is available. The VoIP providers are in direct control of these lines and can assure a much better voice quality and service. This closed system will of course also add a great deal of security to your system, as no outside Internet attacks are possible. I would not recommend ADSL lines for VoIP, regardless of whether or not they are dedicated to the VoIP provider, as ADSL is a heavily oversubscribed service and cannot offer the quality that VoIP requires.

Hi-Tech Security Solutions: We’ve also all heard about hackers and vulnerabilities involved when transmitting data over the Internet or even a corporate WAN, how does one secure VoIP traffic to prevent people listening?

Chris Sutherland: The only way to truly secure your VoIP traffic, is to secure your network. Firewalls, appropriate wireless security methods (WPA2) and managed Internet lines are top priority here and not just for VoIP traffic, but all traffic. VoIP trunks themselves can have an encryption method turned on, but the VoIP provider will need to support this feature. Of course, one of the best things to do is make use of a closed breakout connection which your VoIP provider will supply. This is an outbound line, but with no Internet traffic. It is purely dedicated to carrying voice traffic to and from your VoIP provider, and nowhere else, meaning there is no chance of outside tampering.

Hi-Tech Security Solutions: How can one secure against people, for example, hacking into the company WiFi network and then using the VoIP infrastructure to make calls or inject malware into the organisation? Is this something that can happen?

Chris Sutherland: This is a very large possibility, and again, it all comes down to security. Many people do port forwarding to their VoIP server so that they can access it remotely and perform remote configurations and remote VoIP calls. This is a great feature of VoIP, but is a massive security risk as this opens the door for others to remotely see your server and start their hacking attempts. This often results in VoIP servers being compromised, and thousands of Rands in phone calls being placed within a few hours, resulting in a large, unexpected phone bill.

The best way to avoid this scenario, but keep the remote functionality, is to make use of VPNs. VPNs are secure, robust and provide you with all of the remote access you need. You can now remotely configure the PBX from anywhere in the world, make phone calls from anywhere in the world, but not before you dial up to your network with an encrypted username and password.

For more information contact Miro Distribution, 086 123 MIRO, [email protected], www.miro.co.za



Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Highest increase in global cyberattacks in two years
Information Security News & Events
Check Point Global Research released new data on Q2 2024 cyber-attack trends, noting a 30% global increase in Q2 2024, with Africa experiencing the highest average weekly per organisation.

Read more...
Continuous security optimisation.
News & Events Information Security
Cymulate has announced its partnership with SentinelOne, a threat exposure validation and AI-powered cybersecurity platform. The collaboration delivers self-healing endpoint security that empowers businesses to increase protection for every endpoint on their network.

Read more...
Protect your smart home devices
Kaspersky IoT & Automation Information Security Smart Home Automation
Voice assistants, kitchen robots, smart lights and many other intelligent devices have become part of our everyday life. However, with the rise of smart technology comes the need for robust protection against potential vulnerabilities.

Read more...
ISPA’s take-down process protects from local scams
News & Events Information Security
During the recent school holidays, parents could rest a little easier knowing that ISPA, SA’s official internet industry representative body, is removing an average of three to four problematic websites from the local internet every week.

Read more...
NEC XON disrupts sophisticated cyberattack
Information Security
NEC XON recently showcased its advanced cyberthreat detection and response capabilities by successfully thwarting a human-operated ransomware attack targeting a major service provider.

Read more...
What’s your cyber game plan?
Information Security
“Medium-sized businesses are often the easiest target for cyber criminals, because they are just digital enough to be vulnerable, but not mature enough to be fully protected," says Warren Bonheim, MD of Zinia.

Read more...
Upgrade your PCs to improve security
Information Security Infrastructure
Truly secure technology today must be designed to detect and address unusual activity as it happens, wherever it happens, right down to the BIOS and silicon levels.

Read more...
Open source code can also be open risk
Information Security Infrastructure
Software development has changed significantly over the years, and today, open-source code increasingly forms the foundation of modern applications, with surveys indicating that 60 – 90% of the average application's code base consists of open-source components.

Read more...
DeepSneak deception
Information Security News & Events
Kaspersky Global Research & Analysis researchers have discovered a new malicious campaign which is distributing a Trojan through a fake DeepSeek-R1 Large Language Model (LLM) app for PCs.

Read more...
SA’s strained, loadshedding-prone grid faces cyberthreats
Power Management Information Security
South Africa’s energy sector, already battered by decades of underinvestment and loadshedding, faces another escalating crisis; a wave of cyberthreats that could turn disruptions into catastrophic failures. Attacks are already happening internationally.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.