VOIP / Converged Networks

The nature of Voice-Over-Internet-Protocol (VOIP) technology means that the risk exposure due to technology security threats can be quite different from the risks inherent in “traditional” switched PSTN and PABX telephony systems.  With conventional telephones, eavesdropping usually requires either physical access to tap a line, or penetration of a switch. Attempting physical access increases the intruder’s risk of being discovered, and conventional PABXs have fewer points of access than VOIP systems. With VOIP, opportunities for eavesdroppers increase dramatically, because of the many nodes in an IP network.

The integration of voice and data into a single network should not pose significant additional threats to the data side of the network as long as voice traffic is subject to the same controls as any other data – for example, traffic should pass through firewalls at the same boundaries, and be subject to the same monitoring/IDS and management systems. These threats need to be considered during all stages of a project - requirements gathering, planning and design, build/test/deployment and ongoing management.

eSecure are experienced in securing VOIP networks, having been involved in numerous VOIP design reviews, security reviews and VOIP deployment testing.