VoIP and Security - What do I need to know?

There are a number of security issues associated with VoIP. Eavesdropping is a concern with both PSTN (Public Switched Telephone Network) and VoIP calls, but there are also other concerns that are unique to VoIP technology.

Since VoIP data is travelling through the Internet the same as any other kind of data, it is vulnerable to the same kind of attacks. There are many software tools available to hackers who wish to retrieve information that is being transmitted over the Internet, and these tools are just as effective with voice data as with any other kind of data.

While this may not be a concern when you are calling your Aunt Mary, it is a big concern for businesses that may routinely use telephone communication for discussing sensitive business information. Due to the increasing popularity of VoIP, security is a big concern and is receiving a lot of attention.

There are a number of points in the transmission of a VoIP call that a hacker can retrieve information from. As well as retrieving actual conversations, hackers could also get information like user identities and VoIP phone numbers. With this information, a hacker can make phone calls with someone else's identity.

Attackers could also record phone calls to listen to conversations and possibly even to restructure voice data to create conversations that never actually existed. Log files could also be accessed and altered.

There are a number of ways these security concerns can be addressed. The first is with encryption that provides the same kind of security as when sending credit card information over a secure data connection. The second is to separate VoIP data from other Internet traffic by using a Virtual Local Area Network (VLAN). Both of these methods can adversely affect call quality, but could be used optionally if the calls are sensitive.

Another security threat that hasn't actually been seen yet is the possibility of sending viruses with VoIP data. Viruses could potentially overload VoIP networks causing delays and reduction in sound quality.

VoIP is not invulnerable to spam either. In fact, there is already a name for it -- SPIT -- Spam over Internet Telephony. This refers to receiving unwanted marketing calls from companies trying to sell services or products.

Is My VoIP Service Secure?

For the individual consumer, VoIP security is mostly a matter of preventing others from eavesdropping on conversations.  Some VoIP service providers offer voice security through the means of encryption or separate data routes. Regular precautions for transferring files always need to be followed. Any data or program that is downloaded should be checked for viruses, and a firewall should be in place for protecting your computer from the Internet.

Hardware VoIP devices, on the other hand, are more vulnerable to attack. Some types of equipment can be rendered unstable or don't even work if they receive certain types of data. Some Internet phones are also susceptible to data piracy, revealing private information under specific conditions.

Businesses in particular need to be concerned about security issues surrounding VoIP. Since many businesses operate their own gateways and other equipment for connecting to the Internet, they are more susceptible to the Denial of Service (DOS) attacks or other kinds of malicious hacking.