 |
IN THIS ISSUE |
 |
|  |
|
|
VoIP: Secure or Not?
Multiple Layers of Security Supply the Missing Link
Many experts believe that, in addition to implementing an SIP firewall, packetized voice should be encrypted with an IPsec-compliant virtual private network as the packets move from one location to another. They also recommend using separate virtual LANs to manage quality of service. The bottom line: Securing voice applications in the enterprise requires layers of security.
Older VPN software didn’t allow QoS markings to be exposed. Pushing voice through an encrypted VPN can, in some cases, degrade quality of service to the point of being unacceptable. You can avoid this problem by using new routers with hardware encryption. When you encrypt the hardware, there is virtually no performance penalty for encrypting voice. But remember, packets do use bandwidth and cause latency issues.
Another strategy to secure voice is to harden the voice environment through separating the virtual LANs. Deploying VoIP devices on separate LANs utilizes QoS resources and allows dividing data traffic from voice and signaling traffic. Because you can set up VLANS for different types of voice and data traffic and devices, some believe that VLANs provide increased security, precious time for your troubleshooters to address voice quality issues, and flexibility to set QoS markings in the packet, not the VLAN.
Let’s face it, you need security measures in place whether you implement VoIP or not. The attacks we’ve experienced on our data network environment can be expected to occur in our converged environment. It is only a matter of time. So, is the talk about DoS (Denial of Service) attacks on VoIP really just vendors dishing out FUD (fear, uncertainty and doubt)? You decide.
FREE! SOS Secure Business Advisor Tool powered by Cisco Systems. Assess your company’s exposure to security threats and receive product and technology recommendations. Get this Tool!
[PRINTER FRIENDLY VERSION]
|
|
|
