Security has long been a topic of concern for VoIP users, particularly those who employ VoIP service over networks with valuable customer and proprietary company information. Common threats to security for such networks involve both authentication-related and privacy issues, many of which are similar to those for any sort of data transmission system and which have, for the most part, similar solutions. Denial of service attacks or network security leaks are most susceptible in areas in which specific ports in an organization’s firewall must open to permit transmission of voice data packets, in which there are IP PBXs, and in which gateway technologies are employed.
Due to the fact that a network’s firewalls must be opened at certain ports to allow transmission of VoIP data, prudent security measures to compensate for this occurrence include the encryption of the entire computer network, which will enable VoIP transmissions to be encrypted as well. The encryption of internal VoIP traffic should significantly reduce insider attacks, while it is useful to separate and isolate voice traffic onto a virtual LAN and run the encrypted VoIP traffic over a virtual private network for external communication. Other effective means of compensating for open ports is to turn off VoIP protocols that aren’t currently being used by the network to seal those points of entry.
IP PBXs, which are largely server-based and are used for logging call information as well as for facilitating VoIP service through an internal or a proprietary operating system, are frequently vulnerable to a number of infiltrations and viruses. Hacking into these areas can result in substantial compromising of valuable information, which is why it’s best to keep such equipment frequently monitored with intrusion detection systems and securely placed behind firewalls. Other security measures for IP PBXs include patching them against vulnerabilities and separating their domain from that of other servers to deny internet accessibility to them. It may even be useful to grant limited administrative access to their servers.
These technologies also provide a means through which hackers may infiltrate a VoIP system and make free phone calls. The external use of VoIP requires gateway technologies to convert data packets from the IP network into voice information which is then sent over a public switched phone network, which allows infiltrators to the ability to modify, store, identify, and play back the traffic transmitted through the network. The key to compensating for this particular vulnerability is to restrict access control lists and configure the gateway so that only approved users have the ability to utilize voice calls.