This is the first a regular series of articles examining and commenting on Voice over IP (VoIP) security issues. VoIP is now established as a mainstream IP application and has certainly earned its place alongside email and web.
Over the past 15 years email and web have completely changed both our business and personal communication; VoIP has the potential to deliver at least as great a change.
The clear business benefits of web and email triggered a change in the way companies used their data networks. To gain the benefits, those data networks were connected to the Internet.
The smarter network managers realised that this was not without risk and insisted on installing a firewall to protect these connections. The not so smart quickly paid for their mistakes, sometimes with their jobs.
VoIP has many similarities to both web and email; the full benefits are gained when VoIP networks are linked. These links expose VoIP systems to security threats. Some of these threats are known from other IP applications, but may are new.
Why then, when compared with email and web security, does VoIP security receive comparatively little attention? Is this a lack of awareness of the risks, or is VoIP security the elephant in the room, a problem ignored in the hope that it will go away.
This column aims to examine these issues and to enable informed choices to me made on VoIP network deployments.