IT Exam: Voice over IP Security: Answers
  1. Voice over IP systems have inherent technology flaws that make them less secure than other networked systems.
    False: Configured properly, voice over IP systems can be as secure as any other application running on a network. VoIP exposes voice traffic to all the threats of IP networking. The practices that apply to securing other IP applications, apply to voice over IP.
  2. Which security threat category requires the most attention in a VoIP system?
    Availability: Traditional voice networks are known for unparalleled availability. Running voice over an IP network exposes voice traffic to all the availability threats that affect IP networks. Likewise, tapping an IP network is easier than tapping a circuit switched phone network. Call integrity is of least concern among the three, as it is unlikely that a man-in-the-middle could intercept selected words, insert alternatives without notice.
  3. Which VoIP system component is the most important to secure?
    Call Management: While all components of a VoIP system require security controls to address confidentiality, availability and integrity threats, call management is the component without which the entire system cannot operate. Disruptions to call management can render all connected VoIP handsets unusable.
  4. Because VoIP systems are specialized, they have reduced patch and vulnerability management requirements.
    False: Like any interconnected system, VoIP components require vigilant security management. Keeping up to date on vendor patches and performing routine vulnerability assessments are no less important in a VoIP environment. While some vendor components run specialized operating systems, most are simply hardened versions of Windows or UNIX.
  5. Which technique yields the greatest security in a VoIP environment?
    All of the above: Each of the techniques noted are valuable tools to improve the security of a VoIP environment. By themselves, they do not guarantee security, and some may not be appropriate in every business operation, however each offers a measure of protection against common confidentiality, availability and integrity threats.


Created by Greenwich Technology Partners.


< powered by >


Return to the exam.