Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Protect Yourself Against The Worst VoIP Dangers: Page 2 of 4

With that in mind, the first step to ensuring VoIP security is to plug the holes in the network. "It's important to look holistically at security," Machowinski. "It has to be an overall strategy for data as well as voice."

Nevertheless, VoIP's vulnerabilities don't end with the IP network. Zar says that there are a number of security risks specific to IP telephony that VOIPSA has categorized, catalogued and presented in a thorough taxonomy. A good number of these relate specifically to the perils inherent in moving voice traffic from the closed circuits of the public switched telephone network (PSTN) to the wide-open Internet.

Traditional telephone calls aren't usually encrypted, primarily because they don't have to be. They're carried end-to-end on a managed network subject to rigorous regulation and controls. In theory at least, tapping a traditional phone requires some kind of physical intervention.

"Internet phone traffic isn't protected like that," he says. "The IP protocols were never really intended to be attack resistant, but there's also the question of privacy."

Unencrypted voice packets can be intercepted. Neither Zar, nor Machowinski think that packet interception is a widespread problem -- yet -- but it will probably become more common as VoIP goes increasingly mainstream. And it's not technically difficult, Zar says. "You have to know the art, but it's not a black art," he says. "As with viruses, there are two groups of people who are interested in these things. There are those who like to develop the tools to do it, and the less sophisticated people who use the tools."