Running phone calls over an Internet Protocol network can save money by reducing per-call fees and taxes. But security considerations can eat into your savings—or swallow them whole—if the bad guys bring down your voice network.
Here are a few potential problem areas with a telephone system based on Internet protocols, according to Gartner’s Meta Group:
1. Calls may be intercepted.
2. Other network services may be open to attack because of vulnerabilities in the telephony implementation.
3. Internet-based phone equipment can be used to make unauthorized calls or commit fraud.
4. Voice service may be degraded or interrupted. Attacks can corrupt the setup of a system; viruses and denial-of-service attacks can affect the functioning of servers in the data network as well as phone handsets.
Each piece of the telephony infrastructure requires different security considerations. Traffic from devices such as IP phones should be considered untrusted, Meta says; data generated by such devices should be monitored and controlled by a firewall.
Media-related servers, such as voice-mail message servers, should be accessible only by telephony devices. Tight controls must be in place for administrative access to telephony systems and equipment.
Finally, call-handling servers, which take care of call routing and maintain the database of employee extensions, should be protected from denial-of-service attacks by placing them on “virtual” local area network segments; that makes them, practically speaking, invisible to the outside world.
