By Carl Weinschenk
Should businesses avoid the public Internet and only use VoIP services that operate over private IP backbones?
ZIMMERMANN: I think we can use the public Internet if we develop the appropriate protection technologies.
GRAYDON: Utilizing VoIP over private IP connections or only through an IP-to-public gateway (either internally or through a commercial provider), negates the promised benefits of a VoIP deployment. Securing your VoIP installation at the perimeter with a security device will allow your VoIP installation to be used in any configuration, including . . . over the open Internet. It is, after all, no different than how we send email and surf the web.
HINJOSA: Most businesses are going to choose VoIP for the cost savings on telephone charges. In this case the data is going to be traversing the public Internet. Businesses trying to tie together multiple sites are looking at VoIP because of its ability to manipulate voice as data. They may already be using dedicated, engineered lines for data between locations. Dedicated service provides privacy during transmission and QoS [quality of service] guarantees from the provider. This is also expensive, and a benefit/cost analysis would have to be done to determine viability. So the answer depends on why VoIP is being considered in the first place.
Is there a way that small or startup businesses can keep a successful attack on the general data network from taking down the VoIP system?
ZIMMERMANN: Firewalls, IDS [intrusion detection systems] . . . There are a lot of methods for dealing with people breaking into the network. Of course they don’t always work. A lot of people don’t put all those protections in place. The ideal place to encrypt a call is in the phone itself.
GRAYDON: These concerns can be alleviated by designing the network properly and separating the entry of data and VoIP at the perimeter, using a general firewall for data and a specific security device for VoIP. A good perimeter solution for VoIP should be able to intercept attacks on a VoIP system.
Doesn’t it make sense to bypass a technology that likely will become a big target in favor traditional networks, where security isn’t an issue?
GRAYDON: VoIP is the start of the next generation of communications where email, instant messaging, voice and video converge. A key benefit of using this means of communications over traditional phone systems is the significant cost savings. Considering that many of today's traditional PBX deployments are already digitalic and the telco backbone is IP-based, why not adopt VoIP now? Why wait? There is a widespread apprehension towards implementing VoIP systems due to security issues. But if you deal with VoIP as another IP system, you can design and deploy VoIP [safely] utilizing your current network.
HINJOSA: As the needs of a particular company will vary greatly, a company specializing in VoIP systems should be consulted for an initial needs assessment. This step is a critical step to creating a system that will meet current and future expansion needs, be cost effective and secure. Do not rely on only one source. Getting multiple quotes and assessments is a good idea. There are different solutions and one size and type doesn’t fit all. Do not try to “wing it” on your own. There are too many variables to consider from the business needs and security perspectives.
Is VoIP security easier to implement for a startup with no legacy telecom infrastructure as opposed to an existing company?
GRAYDON: Either way, the security concerns can be addressed easily when the requirements are understood and addressed as one would address a standard IP [application]. Implementing the actual VoIP component of the solution may be easier for the startup, as its implementation does not require co-existences [with another telephone network]. However, the security concerns for both a startup with no legacy telecom infrastructure and an existing company are identical from an IP perspective.
HINJOSA: No. There are many reasons that a business would want to utilize VoIP internally and or externally. After an assessment, if a good business case can be made for VoIP there is no reason to abandon this technology. A similar parallel could be drawn during the early days of business computerization. Security was and is a concern in data processing, but that is not a reason to give up the benefits technology. With reasonable precaution and planning in place VoIP can be very good investment for a business.
|