TMCnews Featured Article

Hosted VoIP PBX (News - Alert) phone service “is revolutionizing how the world communicates,” and “individuals, and businesses are embracing the capabilities and harnessing the power of the Internet,” according to a recent examination of the topic.

But security is a critical concern. Not necessarily people listening in to what you say, but for voice quality itself: “Most users implementing VoIP these days are primarily concerned about voice quality, latency and interoperability. However we shouldn’t overlook the security risks that can crop up when the voice and data worlds converge, users and analysts say.”

If you think about what are the most threatening attacks for Voice over Internet Protocol providers and enterprises, you might agree with officials of Avad Technologies, who say they are “those that can degrade the quality of voice, thus rendering the service useless.”

How does it usually happen? Avad officials point to Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks as the simplest, most common culprits for voice quality degradation.

VoIP communication is tricky, since as company officials say, it “brings another dimension into the security challenge by introducing both control (signaling) and content (voice) parallel channels,” which together form the business voip telephone service:

“The dependence of these channels on one another drastically increases the risk that VoIP service can be damaged, as each one of the channels has its own vulnerabilities. It doesn’t matter which vulnerability is exploited because the attack renders the whole service useless.”

One approach is simply to make sure that your call manager and VoIP network aren’t directly accessible from the Internet. The University of Houston did this Avad officials note, and “went one step further and put its IP PBXs in a different domain than its other servers, and has limited administration access to the servers.”

Also, watch VoIP gateway technologies, which Avad officials call “a potential weak point. When VoIP for businesses is used externally, gateway technologies convert data packets from the IP network into voice before sending them over a public switched telephone network. When VoIP is used internally, the gateways basically route packetized voice data between the source and the destination.” This makes them easier to hack into.