Monday, November 10, 2008

The Importance Of Security In Business VoIP Applications

By Michael Lemm

It's unfortunate that when evaluating business VoIP solutions few mention the word security except in the context of web-based administration. This could be a fatal miscue to your business.

Keep in mind that a big advantage of VoIP is you can have people working from home or on the road. When you're logging in, are the credentials passed in the clear? Don't just take the vendor's word for it, have you tested it using a packet sniffer? If it's a requirement, is the call data encrypted?

Here's a scenario to consider:

You have Sales reps using an open WiFi network at a coffee shop or at a hotel. The call setup information is unencrypted and the IP stream carrying the conversation is unencrypted.

Why should you care about either of these things? Two risks:

#1: Toll fraud. Someone can sniff that authentication information and impersonate your sales rep. Your switch doesn't know the difference. You might not know that the credentials got swiped until your bill shows up with calls to a lot of foreign countries or (if you're very lucky) your carrier calls you and asks why your calling patterns have changed so much.

Good luck trying to get credit for toll fraud. The carrier is going to tell you that they put access to their network in at your premises and it was your responsibility to control it. There's probably language that covers them in your contract and/or tariff.

#2: Confidentiality of trade secrets. Maybe it's a quick call to check on fantasy football standings. But it could also be a call to a supplier to see if they'll do special pricing on a deal. That call could also be followed up by a call to a sales manager to talk about percentage mark-up. An unencrypted VoIP stream may seem complicated but its trivially easy to reassemble and "record" the whole conversation.

The above scenario is just an example of many ways your VoIP system may be vulnerable. I'm not discouraging you from implementing a business VoIP system if it's right for you. I am encouraging not to thoroughly evaluate security implications and be prepared to guard against any potential issues.

Michael is the owner of FreedomFire Communications....including DS3-Bandwidth.com and Business-VoIP-Solution.com. Michael also authors Broadband Nation where you're always welcome to drop in and catch up on the latest BroadBand news, tips, insights, and ramblings for the masses.