Secure VoIP and Why Hope Should Not Be Your Strategy

The subject of Voice-over-Internet-Protocol (VoIP) security came up at a recent customer meeting and it was so novel to hear “VoIP” and “security” in the same question that I thought it would be worth revisiting.

The first thing I did was read up on VoIP-hacking and, ideally, high-profile cases out there. Strangely, my curiosity was not really piqued. A basic Google News search yielded only ten results for VoIP hacking! The best I could do was a story on the VOIP Security Alliance (VOIPSA) blog about a case of VoIP services fraud that actually had nothing to do with hacking. This blog may actually be one of the best places to read up on VoIP security and issues (

In thinking more about it I was struck that concerns about VoIP security seem, at least in the public discourse, to be receding instead of increasing; and that this is astonishing in a world where personal technology and social media are evolving as institutionalized pillars of enterprise infrastructure. Upon further consideration, I thought, as voice evolves as not only “just another application” but one that is being virtualized on our customers own IT infrastructure shouldn’t it be of more concern than ever (the world of mainstream trading communications has really only embraced the concept of convergence in thought and word vs. real-life deployment so far)?

VoIP  is, thankfully, no longer a new/new technology and with this maturity has come a welcome measure of respect. And, combined with an apparent dearth of high-profile security breaches, the topic of VoIP security has faded somewhat  into the background. Of course, the fact that the mainstream media is not focused on covering the topic of VoIP security does not mean it is not a real threat.

So, where to begin? Let’s start with some simple education through reading with an article in VoIP Planet that outlines the issues of security and Session Initiated Protocol SIP) and then move on to one about diagnosing potential vulnerabilities:

From here, in a follow-up post we will attempt to address in more detail security threats, challenges and best practices for securing VoIP infrastructure, applications and connections across the enterprise voice trading communications network.




Tags »

Date: Tuesday, 8. November 2011 11:26
Trackback: Trackback-URL Category: Industry Research, Security

Feed for the post RSS 2.0 Comments and Pings are closed.

Comments are close