Securing VoIP

Your existing firewall, which is already checking your data traffic, is okay for VoIP too, right? The answer is often no! To secure your VoIP network correctly, it is imperative that your firewall does not impede the operation of your phone system.

Your data traffic does not tend to be overly sensitive to the delay that is inherent with many firewalls as they process your filter rules and inspect your traffic before allowing it to pass through the network. Unfortunately, such delay, and the variance in that delay, does tend to disrupt voice-over-IP traffic. Your calls may start breaking up or even drop out completely.

It is crucial that you have a firewall in place that is appropriately engineered to switch voice traffic. Such firewalls will typically perform all necessary filters and inspection in hardware (i.e. they use special purpose silicon chips rather than software running on a general purpose processor).

Some phone systems have trouble switching calls across firewalls that implement NAT (Network Address Translation), a problem otherwise known as NAT traversal. Because NAT, the ability to map real-world Internet IP addresses to private IP addresses, is typically enabled by default on most firewalls and is readily used throughout the world, this presents quite a problem.

What happens in practice is that a user can initiate the VoIP session without a problem but, if the session is not held open, when the VoIP phone system tries to present a call to the user, it won’t know how to reach them.

It’s okay if you are making outbound calls, because the session is re-initiated each time, but for inbound calls it can become a real problem.
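The inbound-call failure described above, modelled as an added example (not from the original article): a toy NAT table with an idle timeout, where the phone's periodic outbound traffic is what holds the session open. The addresses, ports and timer values are constructed assumptions, not settings of any particular firewall.

```python
# Added illustration: a toy NAT binding table with an idle timeout.
# All addresses, ports and timer values are constructed for the example.
from dataclasses import dataclass, field

@dataclass
class Nat:
    idle_timeout: int                              # seconds a binding survives without traffic
    bindings: dict = field(default_factory=dict)   # public port -> [private endpoint, last_seen]
    next_port: int = 40000

    def outbound(self, private, now):
        """Phone sends a packet out: refresh its binding or create a new one."""
        self._expire(now)
        for port, entry in self.bindings.items():
            if entry[0] == private:
                entry[1] = now
                return port
        port = self.next_port
        self.next_port += 1
        self.bindings[port] = [private, now]
        return port

    def inbound(self, port, now):
        """Packet arrives from the Internet: deliver only if a live binding exists."""
        self._expire(now)
        entry = self.bindings.get(port)
        return entry[0] if entry else None

    def _expire(self, now):
        self.bindings = {p: e for p, e in self.bindings.items()
                         if now - e[1] <= self.idle_timeout}

def inbound_call_reaches_phone(nat_timeout, keepalive_every, call_at):
    """Phone registers at t=0, optionally sends keepalives, then a call arrives at call_at."""
    nat = Nat(idle_timeout=nat_timeout)
    phone = ("192.168.1.20", 5060)                 # private address of the handset
    contact_port = nat.outbound(phone, now=0)      # the port the phone system learns
    if keepalive_every:
        for t in range(keepalive_every, call_at, keepalive_every):
            nat.outbound(phone, now=t)
    return nat.inbound(contact_port, now=call_at) == phone

if __name__ == "__main__":
    for ka in (None, 30, 120):
        ok = inbound_call_reaches_phone(nat_timeout=60, keepalive_every=ka, call_at=300)
        print(f"keepalive={ka}: inbound call delivered = {ok}")
```

A keepalive interval longer than the NAT timeout fails in the same way as no keepalive at all: the binding expires, the next outbound packet gets a new public port, and the phone system is still holding the old one.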

Also keep in mind that traditional PBX phone systems are relatively secure, as they run on proprietary hardware and don’t connect to the Internet. Hackers can still crack into such systems, but these types of attacks are rare compared to attacks via IP networks and tend to require a significant level of skill.

With VoIP, however, your phone system is connected to the Internet and if you haven’t taken the right steps, someone may compromise and control your phone system, making high cost long-distance calls and even listening in on your own calls.

For VoIP to be implemented without reducing the security of an existing data network, it is important to separate the VoIP traffic from the data traffic.

You can do this by using separate cabling for your VoIP phones; however, this removes some of the cost advantages associated with VoIP. Thankfully, it’s possible to logically separate traffic by using virtual LANs (VLANs) to isolate your voice traffic from your data traffic.

Separating your voice and data traffic on your LAN in such a fashion is also likely to increase the performance on your network. This is particularly important for VoIP as it is sensitive to the jitter (variance in delay) that can be caused by heavy data transmission.

In the end, it is imperative that your VoIP network is secure, but still runs smoothly at the same time. There’s nothing worse than having an unreliable voice network, and if you don’t take into account the different requirements for voice and data traffic, you can run into trouble.