As VoIP adoption expands throughout residential, corporate and governmental markets, security concerns keep growing possibly hindering the technologys nationwide deployment. According to a recent study conducted by the National Institute of Standards and Technology (NIST), federal agencies and other organizations that are considering switching their telephone systems to Voice over Internet Protocol (VoIP) should proceed with caution and carefully consider the security risks.
The analysts believe that while VoIP shows promise for lower cost and greater flexibility, the technology has a very different architecture than circuit-switched telephony, and these differences result in significant security issues.
"Administrators may mistakenly assume that since digitized voice travels in packets, they can simply plug VoIP components into their already-secured networks and remain secure. However, the process is not that simple," says the NIST report.
NIST says that implementing common security measures into VoIP, such as firewalls and encryption, can cause poor voice quality and blocked calls if not done carefully and with the proper equipment. Researchers believe that designing, deploying and securely operating a VoIP network is a complex effort that requires careful preparation, says the report.
Report authors recommend agencies and other organizations wanting to switch to VoIP to take the following precautions when deploying the technology:
- Develop appropriate network architecture, including separate voice and data networks where feasible and practical;
- Ensure that the organization can manage and mitigate risks to their information, system operations, and continuity of essential operations when deploying VoIP systems;
- Use and routinely test the security features included in VoIP systems;
- Update VoIP software regularly and frequently;
- And, since worms, viruses and other malicious software are common on PCs connected to the Internet do not use "softphone" systems that implement VoIP using a PC with a headset and special software.
Johanne Torres is contributing editor for TMCnet.com and Internet
Telephony magazine. Previously, she was assistant editor for EContent
magazine in Connecticut. She can be reached by e-mail at