SECURITY OF VoIP versus Traditional Telephony – What are the threats and how to overcome them

VOIP Security

PSTN or POTS which stands for Public Switch Telephone Network is the standard telephone connection to the majority of us today, and has been the sole providing system since the telephone made its way to the users.

These systems have dedicated lines (circuit switched) and are governed by technical standards created by the International Telecommunications Union (ITU-T).

This is a protocol which is optimized for the transmission of voice through the internet. It is referred to as IP telephony, Internet telephony, cvoice over broadband, broadband telephony and broadband phone.

There is a suite of IP-based communications service and provides multimedia communications over the IP networks (which internet is a part of, but not limited to such).

VOIP operates over any IP network and not just the internet and it provides a low-cost alternative to PSTN calling system.

PSTN versus VoIP
Publich Switched Telephone Network (PSTN) uses a SS7 signaling protocol (Signaling System # 7) and is a circuit-switched network (ATM/Frame relay). It is a pretty expensive infrastructure based system but provides reliable quality of transmission.

Voice Over IP (VoIP) uses SIP, H.232, RTP and more protocols for its transmission of data. It is a packet switched network system which is based on a converged infrastructure, and has up till now at least a unreliable quality of transmission, and highly dependent upon where you and receiver are located globally, regionally and locally.

Traditional features we are used to over the telephone systems are call waiting, caller ID, transfer of calls, Three-way calling, conference call capabilities. IN addition to these features VoIP will be able to provide business application integration with for instance tying IP telephony to a Customer Relation Market database (CRM).

It will also be possible to do calendar integration with desktop applications like MS Outlook for instance.

You can get detailed information about each caller and use of mobility – “follow-me-service” which makes it possible for users to work from anywhere.

VoIP benefits are the traditional argument about costs of course, but the scalability of system is a far better argument when it comes to business use of VoIP.

It provides a simplified network engineering concept and makes it possible to do applications integration.

Today there are several alternatives like Skype, Vonage, Google Talk and MS Messenger to mention a few and it is bound to be more available in the years to come, but also the functionalities of existing applications will increase dramatically according to user market.

Today less than 2% of user market used VoIP in 2005, it increased to aroud 10% in 2009, and is expected to increase to around 18 percent in 2011.

This increase in market share of VoIP over traditional telephone systems will require systems to handle this amount of users which is expected to be around 300 million users in 2011.

When we look at the penetration of VoIP in various markets around the world, some interesting facts comes to the surface.

The market share of VoIP in Japan is estimated to around 62.5% today, as for North America it is estimated to around 16 percent, in France the market share is around 11% and in Italy 4.5 percent. Germany has a market penetration for VoIP of around 2 percent and the Netherlands follows with 1 percent, as for Sweden and Norway they have a market penetration of VoIP of around 0.5% each.

The U.S VoIP subscribers are spread over 7 major service providers like Comcast , Time Warner, Vonage, Cablevision, Charter, Bright House and 8×8 which is supposedly the largest with around 3.2 million subscribers in the U.S, closely followed by Time Warner and Vonage each with around 2.4 million subscribers.

In Europe there has been a dramatic increase in households utilizing VoIP as telephone system. We can see the largest penetration in the household market in France with around 48% followed by Netherlands with around 35%. Norway comes in on third place with around 22% as for the other countries lies around 10% each in average.

IBIS World 2012 estimates that the U.S will have approximately 25.4 million VoIP subscribers in 2012.

VoIP equipment revenue development from 2007 to 2011 is prognosed to go from 3.5 billion USD to around 8 billion USD by the end of 2011.

There have been raised concerns about VoIP systems amongst users, and especially business clients have been concerned.

Integrity of systems is one concern as voice quality should be excellent and the availability should be 365/24/7 dial-tone.

The confidentiality is another concern raised by business users, as all communication should remain confidential.

Authenticity is a factor ranked high as valid subscribers should be able to access the service provider’s network. And last but not least the regulatory compliance issue is a must. This also makes the need for corporate best practice documentation and routines.

There are security threats to an IP network which VoIP uses. These threats are of a widespread type. It could be denial of service attacks, called DDOS attacks, Spoofing (caller ID), voice alteration (hijacking) and toll fraud (theft of service). All these types of threats can result in the loss of privacy and integrity of users on VoIP.

You also have the chance of SPIT (Spam over Internet Telephony or VoIP). You will also have the chance of being exposed to advertising that appears in a VoIP voice mailbox.  Then there is the chance of Vishing which is the process of persuading users to reveal personal information.

So, certain security measures need to take place before serious business use of VoIP systems can take place.

Use of Encryption and VPN systems will become a necessity as well as the use of Digital Certificates. There needs to be a separate VoIP network from the data network in a company or in a household. Computer systems need to have installation of Intrusion Prevention Systems and Firewalls. Use of Session Border Controllers (threshold policy rules) will have to take place. There is a need to implement a campaign to make awareness on using high-risk programs that expose the company or household to outside attacks.

To day, not a single virus is reported that is specific to attack or infect the VoIP packets. However, this will come without a shadow of a doubt.

(Visited 38 times, 1 visits today)

About the author


Leave a Comment

/* ]]> */