Free Essay

Voip Security in the Enterprise

In: Computers and Technology

Submitted By dianakay18
Words 1279
Pages 6
Introduction
Voice over IP (VoIP) is the transmission of voice over packet-switched IP networks, as of right now it is one of the most prominent emerging trends in the revolution of telecommunications (Thermos, 2009). Almost everyone one is driven by technology in one way or the other. With this drastic growth in technology over the pass years and with this rapid growth in advancement it as also presented many ground-breaking improvements; which have contributed significantly to the simplification of day-to-day activities. Nevertheless, this advancement may have a negative effect on the way we communicate using these technology we have come to love. However, with the demand for communication technology on the rise so is the need for additional security. This paper will look at the implementation of VoIP and the necessary security needed in the Enterprise for transmission of safe commination. In addition, this paper will also explain the many advantages and disadvantages (risk) of using a technology such has VoIP in the Enterprise.
Implementation Tips
VoIP can be very successful in the enterprise if it is done properly using the right techniques and technology that is the right fit for the organization. On the other hand, it can be very unsuccessful and a huge failure. Some companies when considering implementing voice over IP they fail to first make sure that the system is working properly before putting aside their grandfathered system, such as private branch exchange (PBX). As with any new technology VoIP too has security risk. Therefore, companies must also take into account the correct security policies before they implement VoIP which will aid the company in having a better protected device (Thermos, 2009). In addition, implementing security protocol should be an essential part when considering making the switch from traditional phone systems, and should also take into account the specific types of applications being use in the company. Some Administrator may presume that it is not important to put into place additional security techniques for VoIP since the transmission is digitized voice; which travels through packets they can simply just plug VoIP component into their previously secured network and it too will be secure. However, this is far from reality and with serious consequences. Some security features that the companies could consider when implementing VoIP should include: VoIP “aware” firewall, Authentication, Developing appropriate network architecture (Fries, Kuhn, & Walsh, 2005).
Security
Like with traditional data being transmitted over the network the same heighten security is needed for VoIP. One such example is DOS attacks which could be done quite easily by downloading tools off the internet. Therefore, it is very important that VoIP servers be placed behind VoIP firewalls which will help to prevent DOS penetration into the network. Authentication is needed for VoIP users just like in the data world, people will still have the need to make sure that the person on the other end of the line is who they say they are, this can be accomplish by using H.323, SIP and MGCP standards (Weiss, 2001). The H.235 component of H.323 specifies two types of authentications which include: Symmetric encryption which is a method that is less stressful on the processor usage and therefore consumes less power and does not require any form of communication between the two devices (Weiss, 2001). Subscription based method require the sharing of a secret key before the communication between to the two devices can be completed. However, the administrator must keep in mind that this method will require a lot of CPU power and time if it is using symmetric encryption which is way more secure than asymmetric encryption. In addition, H.235 also accommodates the use of IPSEC to handle authentication between the devices that are trying to communicate with each other. The SIP protocol includes three different types of authentication: Basic Authentication, Digest Authentication, and PGP Authentication (Weiss, 2001). (Fries, Kuhn & Walsh, 2005). Diagram
Advantage of Using VoIP in the Enterprise
When implemented properly using the right infrastructures and security techniques, VoIP can significantly improve the way an Enterprise communicate and operates in a successful environment. One of the many advantages of implement VoIP over traditional telephone service is that the Enterprise could see drastic cost saving in long-distance calls. Therefore, this implementation can be very beneficial to a company that operates in numerous areas whether local or internationally, since the caller’s voice is converted to data and transfer over the internet to a VoIP phone on the other end (Shavit, 2007). In addition, VoIP can also connect with other communications media which is known as “unified communication”. A company can also combine email and VoIP therefore their employees/users can access voicemail through their email clients which is not possible with traditional phone service (Shavit, 2007).
Disadvantage of using VoIP in the Enterprise
On the other hand, with the many technological developments VoIP opens the telephony system to numerous kinds of vulnerabilities that did not exist in traditional telephone systems (circuit switching). One of the many disadvantages of implementing VoIP in the Enterprise is that the VoIP telephone system is connected directly to the network. Therefore, if the network goes down so does the telephone system in the Enterprise. It also opens the door for more security risks because securing VoIP traffic at the firewall level presents certain challenges. One of the challenges is that “not all firewalls are VoIP aware and older firewall may not recognize VoIP protocols such as SIP, MGCP or Cisco’s SCCP protocol, and incorrectly block this traffic (Ruck, 2010).” In addition, like in the data world many firewalls actively scan network traffic packets as an intrusion detection/prevention system. This type of sort scanning is not recommended because of the time-sensitivity of VoIP traffic. The implementation of VoIP also present patching problems, since some administrators may over-look this issue as it might be seen as being unnecessary. Even though, most VoIP “phones use trivial file transfer protocol (TFTP) to update software or firmware and in many cases this set-up occur without authentication” (Ruck, 2010). Therefore, a compromised TFTP server will undoubtedly allow hackers to place files in the upload directory and it would be loaded into the telephone system (Thermos, 2009). Hence, it is a must that VoIP phone systems obtain regular patching to the call management system, voicemail, infrastructure, and endpoints, in or to maintaining a well secure network and telephone system.

Conclusion/ Recommendation
At the end, with the rapid growth of technology over the past years so as the need for proper security. With the implementation of voice over IP in the Enterprise, administrators should keep in mind that voice transfer should be secure using the right security methods just as they would protect data. In addition, all VoIP traffic travelling over a public IP network should be encrypted to ensure a secure communication between end-users. Like with any good network, administrators should do regular audits to make sure that there is no weakness in the network infrastructure through which unauthorized users will be able meddle around on the network and create any damage. It is also very important that firewalls are “VoIP ware”; if this is not the case then the necessary changes should be made ahead of any problem that might arise. There are many disadvantage in using VoIP over traditional phone lines but if implemented properly VoIP can significantly improve the communication within an Enterprise. Nevertheless, with demand of more advance technology it is without a doubt that VoIP could be the next way of communicating, and many Enterprise might make the switch, and traditional phone service will be a distance pass.…...

Similar Documents

Premium Essay

Voip

...Voip and Ip Telephony Implementations [pic] VoIP and IP Telephony: Planning and Implementation Table of Contents Executive Summary………. Legacy Telephony Technology………. Public Switched Telephone Network (PSTN) ………. IP Technology Solution Overview………. What is VoIP and how it works?.......... What is IP Telephony? ) ………. Benefits of IP Communications over a Converged Intelligent Network) ………. Economy) ………. Flexibility) ………. Resilience) ………. Productivity) ………. Building Blocks of Converged IP Communications Networks) ………. Network Infrastructure) ………. Applications) ………. End Points (Client Devices) ) ………. Call Processing) ………. Major IP Communications Solutions) ………. IP Telephony) ………. Considerations for Deploying IP Telephony) ………. IP Conferencing) ………. IP Contact Centers) ………. Unified Messaging) ………. Rich Media Communications—Integrated Audio, Video, and Web Conferencing) IP Videoconferencing) ………. IP Video Telephony) ………. Extension Mobility) ………. IP Telephony Applications) ………. Mobility Applications) ………. Softphones/Soft-agents ) ………. 802.11a/b/g Wireless LANs and Wireless or Soft IP Phones ) ………. Teleworker / Support) ………. Emergency Alerting Applications ) ………. Business Continuity / Disaster Recovery) ………. Land and Mobile Radio Convergence) ………. N11 Services—211, 311, 511, 711 Services to Relieve Overburdened 911 Systems ) ………. Video/Audio-On-Demand, E-Learning) ………. A "Typical" VoIP Configuration………. The Economics of VoIP ………. Selecting......

Words: 10553 - Pages: 43

Premium Essay

Voip

... | |VoIP Solution | | | | | | | | | | | Table of Contents Introduction 3 Problem Statement 4 Analysis 5 Recommended Solution and Implementation 9 References 12 Appendix A 14 Appendix B 15 Introduction Tridoc Medical Services is a medical office that was founded by three doctors. The office has six employees, besides the three doctors, working for it. There are three medical assistances and three employees who work the front desk. The office has decided to upgrade their current telephony system to a new VoIP system. The office does not have any equipment, wiring, or software for a VoIP network...

Words: 2642 - Pages: 11

Free Essay

Voip

...VoIP Voice over IP Hani Aladmaai Prof. Ali Bicak IT-520: Enterprise Infra and Networks Introduction VoIP or Voice over Internet Protocol is an IP based approach to transmitting voice over a computer network. It allows a person to make voice calls using an Internet connection instead of using a phone line. The user can make phone calls free (in certain circumstances), or they may get a service provider and pay a very low rate. How VoIP works is, it converts your voice into a digital signal that will travel over the Internet. First to send voice over a digital network, it must first be converted to digital and converted back to analog at the receiving end. VoIP may allow you to make a call directly from a computer, via VoIP programs such as Skype, a special VoIP phone, or your traditional phone connected to a special adapter. The research paper will begin with an introduction as to what VoIP is, what it accomplishes, what purpose it serves and how it works; also how it is configured. Next it will discuss some of advantages and disadvantages. Legal issues will also present on the usage of the VoIP. What is VoIP? VoIP or Voice over Internet Protocol is an IP based approach to transmitting voice over a computer network. It allows a person to make voice calls using an Internet connection instead of using a phone line. The user can make phone calls free (in certain circumstances), or they may get a service provider and pay a very low rate. How does VoIP...

Words: 3847 - Pages: 16

Premium Essay

Voip

...Voice over Internet Protocol (VoIP) is a rapidly emerging technology for voice communication that uses the ubiquity of IP-based networks to deploy VoIP client devices—such as desktop IP phones, mobile VoIP-enabled handheld devices, and VoIP gateways—in an increasing number of businesses and homes around the world. Windows CE 5.0 is a robust, real-time operating system platform that enables original device manufacturers (ODMs), original equipment manufacturers (OEMs), service providers (such as Internet service providers [ISPs], cable companies, and carriers), and enterprises to rapidly develop and deploy a wide range of devices that are part of an IP network and that have integrated VoIP functionality. The latest version of Windows CE includes an integrated, easy-to-use Telephony User Interface (TUI), a VoIP Application Interface Layer (VAIL) with extensive call control functionality, an interface to access contact and calendar data on Microsoft Exchange servers, advanced provisioning capabilities, and a complete network layer stack that facilitates VoIP-enabled device development and infrastructure integration. The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after......

Words: 1932 - Pages: 8

Free Essay

Voip Essay

...TRENDS &STRATEGIES Wading Into IP Telephony ..........................4 Getting ROI From VoIP ..............................7 VoIP Monitoring Tools ............................10 VoIP Security .......................................13 Call Centers and IP ................................15 Voice Over Wireless LANs .......................18 RESOURCES QuickStudy:Session Initiation Protocol ......21 Emerging Technology:..........................23 IP Videoconferencing IPCommunications Voice-over-IP is changing the way we think of,and manage,communications. Compliments of Computerworld Executive Bulletin IP Communications 2 Converged IP networks allow for a wide variety of new applications to ride on the network and interact, including IP telephony,audioconfer- encing,videoconferencing,unified messaging and presence technolo- gies (like chat). Getting Started Corporate America is just starting down the road to voice-over-IP (VoIP)communications,though every analyst says it¡¯s just a matter of time before it becomes main- stream.¡°By 2009,the installed base of IP [communications]equipment will dominate the enterprise land- scape,but that¡¯s still a few years away,¡±says Robert Rosenberg,presi- dent of Insight Research Corp.in Boonton,N.J. There are several reasons why VoIP hasn¡¯t been an overnight suc- cess.Companies started testing the waters of VoIP in 2001,but there were serious concerns about voice sound quality that slowed the......

Words: 10014 - Pages: 41

Free Essay

Enterprise Security Plan

...Enterprise Security Plan Enterprise Security Plan Smith Systems Consulting (SSC) is a major regional consulting company. Headquartered in Houston, Texas, the firm’s 350 employees provide information technology and business systems consulting to its clients in a wide variety of industries including manufacturing, transportation, retail, financial services and education. Smith Systems Consulting (SSC) is a service provider. It provides IT services for other companies. Security is essential for SSC because it not only requires security for itself, but SSC also has many customers depending on it to provide top level IT services, which also includes security. Enterprise risks are a part of all business and how we address these risks determines how successful we are in the business world. Risks can be defined by “any exposure to the chance of injury or loss.” (Cheryl l. Dunn, 2005) Risks can be internal or they can come to us from outside sources in the form of external risks. Both types of risks pose a threat to the overall security of the enterprise. An Enterprise Security Plan (ESP) outlines possible risks by identifying the vulnerabilities within the business process and ranks the vulnerabilities for ease in developing a mitigation plan. The ESP also identifies technologies and policies that will help in the development of an operational plan that protects the business process and intellectual property of your corporation. Within this ESP we have developed 3......

Words: 1749 - Pages: 7

Free Essay

Enterprise Security Services

...SECTION ONE INTRODUCTION BACKGROUND OF STUDY In years past, when enterprises were starting, it suffered data lose and information retrieval was difficult since there was no strong security service to protect already gathered information. Production, distribution and some other functions were very difficult to achieve due to weak security services but as the days passed by enterprise has struggled to secure its services and with the aid of growth in technology and programming enterprise services has reached a reasonable degree in achieving its dream by protecting its services from harm. An enterprise is an activity or a project that produces services or products. There are essentially two types of enterprise, business and social enterprises. Business enterprises are run to make profit for a private individual or group of individuals. This includes small business while social enterprise functions to provide services to individuals and groups in the community. These shows that an enterprise security service is a form of protecting the services or the product of individuals and groups in the community from harm (preventing unauthorized users from gaining access). Enterprise now uses Biometric, Encryption and some others forms of security to form the backbone of its services. The term "biometrics" is derived from the Greek words bio (life) and metric (to measure). Biometrics refers to the automatic identification of a person based......

Words: 4428 - Pages: 18

Premium Essay

Enterprise Security Plan Cmgt/430

...Enterprise Security Plan CMGT/430 Enterprise Security Plan This Enterprise Security Plan (ESP) for Riordan Manufacturing employees the levels of security required to protect the network and resources utilized to communicate. It is intended purpose is to formulate a means to counterattack against security risk from potential threat. The ESP servers as a way to identify risks and to ensure a contingency plan is in place to protect the availability, integrity, and confidentiality of the Riordan organization's information technology (IT) system. The ESP benefits all employees however it is most beneficial to information resource managers, computer security officials, and administrators as it is a good tool to use for establishing computer security policies. The ESP in its basic form is a systematic approach to addressing the company’s network, its capability, the threats it is susceptible to and a mitigation strategy that addresses those threats if and should they occur. In addition to addressing the threats the ESP will also make provisions for establishing contingency plans in case of a disaster. The information covered by this plan includes all information systems, IT resources, and networks throughout the Riordan global organization owned or operated by employees in the performance of their job duties, whether written, oral, or electronic. Further it establishes an effective set of security policies and controls required to identify and mitigate vulnerabilities......

Words: 2085 - Pages: 9

Premium Essay

Voip

... I. INTRODUCTION As part of its programme of work for 2006, the Joint Inspection Unit (JIU) conducted a review of selected telecommunications issues and uses of Voice over Internet Protocol (VoIP) technologies in United Nations system organizations. The objective of the review is to identify the opportunities for, and determine the feasibility of, using new telecommunication technologies based on VoIP in the United Nations system organizations, with a view to reducing costs and improving services. The review also analyses the coordination of telecommunication services and equipment procurement between the United Nations system organizations. In many cases, joint and coordinated telecommunication procurement/standardization could provide economies of scale and minimize costs and risks of interoperability. It could also help to attain more preferential offers from telecommunications service providers and equipment manufacturers, resulting in cheaper running costs and budget savings over the medium and long-term with assured quality of service. The review covers the telecommunication operations and practice of most of the participating organizations of JIU; the use of new telecommunication technologies, especially VoIP technologies; and the procurement of telecommunication services and equipment. Telephony is an important tool in any organization. The Inspectors note that the current systems providing telephony......

Words: 2720 - Pages: 11

Free Essay

Information Security While Using Voip

...sounds like they are just trying to make money and take rights and expansion ability away from current providers. If they are allowed to go ahead with this plan the way that they want it may mean that they have too much control. I don’t think that anyone wants this to happen. It brings about a big brother idea which is inherently scary. We want the option to be able to choose between internet and internet telephone companies. If regulations become too strict then where will the competition be? Will we be able to get the bundled packages and faster speeds that come out as the various companies compete? Do stronger regulations on legacy telephone services mean that the FCC or other government agencies will be listening in on all our VOIP phone calls? No thank you....

Words: 726 - Pages: 3

Premium Essay

Voip

...In this project you will be given arbitrary enterprise network. The network will be given in 2 forms: a. Network topology diagram, data traffic (text format), voice traffic (text format), end-to-end routing information (text format), network performance/latency (text format) b. OPNET model that includes network topology and data traffic, voice traffic (text format), supporting documentation Your role as design engineer is to analyze current enterprise data network and find out if and how it can be used to support VoIP requirements. Both data and real-time VoIP have to share common IP infrastructure, thus, the traditional TDM-based voice network can be turned down. Part I: In this project you will be required to reengineer current network in the most optimal way considering routing optimization, use of Traffic Engineering, MPLS and QoS, bandwidth upgrades or and topology changes. You also need to consider single points of failure as this may change the baseline condition and degrade VoIP and/or data performance. Your analysis should consider and compare these codecs: PCM G.711, PCM G.711 (with silence suppression), G.729 A, G.729 A (with silence suppression), G.728 16K and G.728 16K (with silence suppression) – final codec selection needs to be optimized including other requirements for the project. Your design solution should satisfy following constraints: - 4.0 or higher MOS for more then 99% of the total voice traffic - Link utilization on any......

Words: 261 - Pages: 2

Premium Essay

Voip

...VoIP CIS 175   Telephony no longer requires a telephone with voice over IP (VoIP), a means for using the computer to transmit and receive the voice just as a telephone has been doing for a century. Some companies are shifting from PBX systems to VoIP systems, but there are a number of concerns raised by these systems that prevent many companies from making the switch, including cost considerations and issues related to the adoption of standards. VoIP has several advantages. It consolidates the voice/data network infrastructure; allows easier moves, adds, and changes to the system; and can consolidate interoffice voice traffic onto a wide area network, thus replacing off premises lines and tie lines provided by telecommunications companies. VoIP also allows easier integration of voice for call centers and other applications (Mitchell 50). Observers also note that there are a number of problems implementing VoIP, including the fact that installation costs are the same or more than for a PBX while the systems in use still lack many features found in PBXs; analog integration can be problematic; consultants with the required voice and data experience are in short supply; and standards for powering phones over Ethernet, such as call control protocols, are still evolving (Mitchell 50). A recent report on VoIP suggests that businesses might be able to cut their telecoms operating costs by half by switching to a VoIP network. The report was published by Cambridge......

Words: 1197 - Pages: 5

Premium Essay

Riordan Enterprise Security Policies

...Riordan Enterprise Security Policies Tim L. Robinson CMGT/430 September 12th, 2011 Instructor: Dave Fedorchak Riordan Enterprise Security Policies Because Riordan’s facilities include three locations in the United States and one in China Smith Systems Consulting views Riordan Manufacturing as an enterprise business. However, an unfortunate reality exists because Riordan’s existing security policies are either nonexistent or inadequate at best for an organization of this size. Consequently, Riordan should seriously consider implementing better security throughout the entire enterprise by defining and creating a Separation of Duties (SoD). In fact, many organizations including the Department of Defense use SoD to decrease security vulnerabilities and discourage collusion by employees for a number of reasons (Gligor, 1998). Therefore, Smith Systems Consulting provides the recommendations and reasoning herein to encourage Riordan to adopt the concepts of Role-Based Access Control (RBAC) to create a SoD throughout the enterprise to reduce risk exposure and enhance Riordan’s enterprise security. Role-Based Access Control Since 2010, research by the National Institute of Standards (NIST) provides indisputable evidence that RBAC has become an increasingly common choice of enterprises with 500 or more employees (National Institute...

Words: 1129 - Pages: 5

Premium Essay

The Effects of Cloud Computing on Enterprises N Terms of Cost and Security

...the concept of cloud computing (Margaret Rouse, 2015). Through this, both its platform and type of applications can be described, cloud computing provides its services in several layers to its users. By using this technology and internet applications can be run based on large data centers and servers. Cloud computing has gone through number of several phases including grid and utility computing (Margaret Rouse, 2015). Many enterprises have already started to implement cloud computing by knowing the potential of this technology. In 2012 according to IDG reports, (IDG ENTERPRISE MARKETING, 2016) the usage of cloud computing was 12% and by 2014 the number increased to 69% with the humongous change. The main reasons for many of enterprises to adopt to this technology was its cost and the flexibility to run any application faster than by the traditional method. Few features in could computing and its business functions like data analytics, data and storage management content management, conferencing solutions and collaborations. By 2015, 24% of enterprises used cloud computing for standardizing their IT budgets. Gartner thought and analyzed that cloud computing will become more influential to e business in future (Kim Weins, 2015). Any new technology will always be adopted in business for its own benefits. For cloud computing also provides benefits for any business in this 21st century. (Salesforce, 2015) Cloud Computing gives an opportunity to reduce the business cost by......

Words: 1234 - Pages: 5

Free Essay

Future of Voip

...Future of VoIP Introduction If we are to considered ourselves as the business aiming at profit increase and progressing growth , thus delivering better quality services to our customers, we have to think about our operational cost and the ways of reducing it. One such way is the implementation of Voice over Internet Protocol ( VOIP ), also known as the internet telephony. VOIP has become more popular in recent years as companies need to cut costs and improve communication between increasingly mobile employees and increasingly global customers. The first Voice over Internet Protocol (VoIP) call was made back in 1995 between two PCs. Initially, this was just a technological novelty. However, by 1998, VoIP had already begun establishing itself as a low cost means of providing calls over long distances. It was estimated to carry about one percent of the US phone traffic. Thirteen years later, VoIP has managed to revolutionize the manner in which business and residential communications take place. Infonetics estimates that about 25 percent of the total international phone traffic is handled as VoIP. So what exactly is VoIP and how does it work? Let me give a few basics about VoIP. Many people have used a computer and a microphone to record a human voice or other sounds. The process involves sampling the sound that is heard by the computer at a very high rate (at least 8,000 times per second or more) and storing those "samples" in memory or in a file on the computer. Each...

Words: 3294 - Pages: 14