How to protect your VoIP network

Beware of phreakers, fraudsters, sniffers, RATS, SPIT, men in the middle, broadcast storms, Wi-Fi jamming.

1 2 Page 2
Page 2 of 2

In some configurations, organizations may try to process VoIP traffic preferentially by creating IPSec security associations that prioritize voice traffic over data. Some organizations may want to filter signaling traffic and RTP media streams through a Session Border Controller (SBC). SBCs operate as back-to-back user agents, concatenating and applying policy to calls between public and private user agents. In some respects, an SBC behaves like a secure e-mail proxy. It can rewrite message headers to hide details of private networks (such as addresses), strip unknown and undesirable header SIP fields, and restrict called-party numbers. Because media traffic flows through an SBC, RTP policies can be enforced at them.

These security measures, along with a proactive security monitoring and intrusion-detection and -prevention plan, not only improve VoIP security, but can greatly reduce the risks to data networks as organizations introduces VoIP. Many of these measures will continue to be useful in deployments even after security enhancements are incorporated into VoIP protocols and architecture.

Piscitello is president of Core Competence, an ICANN SSAC Fellow and author, with Alan Johnston, of Understanding Voice over IP Security. He can be reached at dave@corecom.com.

Learn more about this topic

Secure SIP protects VoIP traffic - Network World

05/01/06

Researchers seek to save VoIP from security threats

04/06/06

VoIP vulnerability may be over-hyped, analyst says

01/24/06

What will generate the real heat in '06? Let's start with VoIP security 01/09/06

Opinion

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
1 2 Page 2
Page 2 of 2
Take IDG’s 2020 IT Salary Survey: You’ll provide important data and have a chance to win $500.