VoIP is a specialist application and requires specialist security technologies. Standard firewalls, that are used for protect web and email servers do not offer a complete solution for VoIP. Even so-called SIP Aware firewalls offer only a partial solution.
While firewalls can address the IP network level threats they are less effective at protecting against application and protocol specific threats and offer no protection against content related threats.
VoIP is a real-time application, packets carrying fragments of conversation must be delivered in near real-time. Any of the attacks outlined above can seriously disrupt this delivery. These means that the attacks do not even need to succeed in their original aim in order to impact the performance and usability of a VoIP system.
Although one of the benefits of VoIP is that shares a common network transport with email, web, Instant Messaging and a wide range of other applications there are important differences between VoIP and more traditional IP applications. Effective VoIP security requires purposed designed security solutions.
Peter Cox, CTO of Borderware, will be speaking at FIRST Security Conference in Sevilla. FIRST is the premier organization and recognized global leader in incident response. For more info, visit FIRST's website at http://www.first.org.