Securing Internet Protocol Telephony

Privacy is a great concern to corporations looking to implement VoIP. Privacy of both the signaling and the call itself are critically important. Exposed signaling can provide eavesdroppers with calling patterns containing the information about when calls are placed, the participants involved, and the length of time that calls remain connected. Depending on other circumstances, the simple knowledge of a call’s existence may provide an outsider with information that could have negative consequences. It is important to consider the need for encrypted signaling in the IP Telephony environment and the benefits that encryption provides. The adoption rate of encryption with premises-based enterprise solutions has been faster than provider-based or hosted solutions. Verizon Business has been instrumental in helping to develop the standards and best practices that are appropriate for extraenterprise communication.

Actual call privacy is at risk as well. Many corporations may agree that it is not good security practice to conduct sensitive conversations on a mobile phone network, yet few have identified VoIP transport as being potentially insecure. While few offerings provide encryption of VoIP calls, this is a necessary option for addressing communication of sensitive information in an enterprise. Unencrypted voice conversations can be captured and later re-assembled into audible “.wav” files using freely available tools.