VoIP Security & Implementation Considerations

The growing trend today is to have voice and data travel through the same network. The benefits of convergence are so significant that the shift from conventional phone lines to the Internet is inevitable. However, before the explosion of VoIP, landline phones performed consistently with very few problems. The general public is accustomed to reliable phone service with sound quality and often doesn’t realize that reliability and fault tolerance are difficult to master. The telecom industry calls this 99.999% availability, though these expectations may be unrealistic when voice is carried over the Internet.
For example, Internet congestion can impact phone conversations by introducing latency and jitter. If there is a delay in speech of over 150 ms, the human ear can sense it. And with jitter, voice quality is diminished as the voice arrives at varying intervals. The conversation can get garbled or the speaker appears to stutter. Complete words and sentences can go missing. Also, since data lines are not usually designed to be as fault tolerant as conventional landlines, service breaks for Internet phone calls can be frequent – and very frustrating.
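
The three symptoms described above (delay past 150 ms, jitter, and missing audio) can be measured from packet timing. The following is an added example, not part of the original article: it applies the running jitter estimate from RFC 3550 to a constructed packet capture. The `Packet` fields and sample values are assumptions, times are in milliseconds rather than RTP timestamp units, and the delay check assumes sender and receiver clocks are synchronized.

```python
from dataclasses import dataclass

DELAY_BUDGET_MS = 150.0  # delay the article says the human ear can sense

@dataclass
class Packet:
    seq: int        # RTP-style sequence number
    sent_ms: float  # sender timestamp, ms
    recv_ms: float  # arrival time at the receiver, ms

def interarrival_jitter(packets):
    """Running jitter estimate from RFC 3550, section 6.4.1: J += (|D| - J) / 16."""
    jitter, prev = 0.0, None
    for p in packets:  # packets are processed in arrival order
        if prev is not None:
            # D = change in transit time between consecutive packets
            d = (p.recv_ms - prev.recv_ms) - (p.sent_ms - prev.sent_ms)
            jitter += (abs(d) - jitter) / 16.0
        prev = p
    return jitter

def missing_sequences(packets):
    """Sequence numbers never received (no wrap-around handling)."""
    seen = {p.seq for p in packets}
    return [s for s in range(min(seen), max(seen) + 1) if s not in seen]

def assess(packets, budget_ms=DELAY_BUDGET_MS):
    """Summarise the three symptoms: late audio, jitter, and missing audio."""
    return {
        "late": [p.seq for p in packets if p.recv_ms - p.sent_ms > budget_ms],
        "jitter_ms": interarrival_jitter(packets),
        "lost": missing_sequences(packets),
    }

# Constructed capture: one packet every 20 ms, a congestion burst around seq 4-5.
SAMPLE = [
    Packet(1, 0.0, 40.0),
    Packet(2, 20.0, 60.0),
    Packet(3, 40.0, 96.0),
    Packet(5, 80.0, 240.0),   # seq 4 never arrived; seq 5 is 160 ms in transit
    Packet(6, 100.0, 244.0),
]

if __name__ == "__main__":
    print(assess(SAMPLE))
```
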
Usually the challenges of VoIP become apparent only after the implementation. The culprits often are related to data network congestion (i.e. limited bandwidth), Internet connectivity problems, and/or security issues. Organizations may find that VoIP reliability or security was never addressed at all.
Ensure VoIP Reliability
The traditional way to handle congestion in data networks is to use bandwidth management software, which prioritizes packets on the network. For instance, a network administrator could stipulate that e-mail be allocated 50% of the line capacity, Internet browsing 30%, VoIP 10%, and all remaining traffic 10%. By prioritizing this way, companies can ensure data packets (and network applications) don’t interfere with one another.

An alternative, and in some cases more efficient, way to handle network congestion is to separate traffic into private tunnels (aka ‘roads’) through to the Internet. The earliest implementations relied on dedicated lines from service providers, which were expensive. Today, however, private tunnels through the Internet can be deployed with minimal cost and hassle using regular xDSL lines, for example. Traditional T1 lines used to cost around $1200/month, whereas nowadays the price for high-speed data (DSL, cable, T1) is around $120 to $700 per month, depending on location. To reach the reliability of leased lines, organizations need two high-speed connections from different providers, using connection A for VoIP and connection B for data, both with failover capability. Using multiple roads that lead to the same destination can enhance the reliability of VoIP and data. By having more roads available, companies can ensure that when a user picks up the phone, “the Internet is not down.” We may be used to not being able to surf the Internet or send e-mail at all times due to service breaks, but end users expect that their phones will always work.
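
An added example, not from the original article, that combines the bandwidth shares and the two-connection failover described above: it picks a connection for voice and for data and shows how many calls fit once both share a single line. Link sizes, the per-call rate and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass

VOIP_SHARE_PCT = 10       # VoIP's share in the article's bandwidth-management example
PREFERRED = {"voip": "A", "data": "B"}   # article: connection A for VoIP, B for data
DELAY_BUDGET_MS = 150.0   # delay the article says listeners start to notice

@dataclass
class Link:
    name: str
    up: bool
    capacity_kbps: int
    delay_ms: float

def pick_link(traffic, links):
    """Preferred link first, then the other; voice also needs delay within budget."""
    ordered = sorted(links, key=lambda l: l.name != PREFERRED[traffic])
    for link in ordered:
        if link.up and (traffic != "voip" or link.delay_ms <= DELAY_BUDGET_MS):
            return link
    return None

def plan(links, call_kbps):
    """Choose a link per traffic type and size the voice capacity that results."""
    voice, data = pick_link("voip", links), pick_link("data", links)
    if voice is None:
        voip_kbps = 0
    elif data is not None and data.name == voice.name:
        # Failover: both classes share one line, so voice only gets its share.
        voip_kbps = voice.capacity_kbps * VOIP_SHARE_PCT // 100
    else:
        voip_kbps = voice.capacity_kbps
    return {
        "voip_link": voice.name if voice else None,
        "data_link": data.name if data else None,
        "voip_kbps": voip_kbps,
        "max_calls": voip_kbps // call_kbps,
    }

# Constructed inputs: link sizes and the per-call rate are assumptions.
CALL_KBPS = 100
NORMAL = [Link("A", True, 1500, 40.0), Link("B", True, 6000, 35.0)]
A_DOWN = [Link("A", False, 1500, 0.0), Link("B", True, 6000, 35.0)]
A_SLOW = [Link("A", True, 1500, 220.0), Link("B", True, 6000, 35.0)]

if __name__ == "__main__":
    for label, links in (("normal", NORMAL), ("A down", A_DOWN), ("A slow", A_SLOW)):
        print(label, plan(links, CALL_KBPS))
```

With these constructed numbers, voice capacity drops from 15 calls to 6 when connection A fails, because voice then gets only its 10% share of connection B.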

Make VoIP Secure with a Best-Of-Breed Solution
Since VoIP uses the same paths as other data traffic, it faces the same challenges and threats that are more commonly associated with the Internet. Voice traffic can be attacked, hacked, intercepted, rerouted, and degraded just as any data packet on a data network. In order to avoid most security problems, voice traffic should be encrypted. This also reduces the possibility of a DoS (denial of service) attack.
Beyond security, building private roads makes voice traffic more reliable and resilient. Typically, an integrated network security solution is the best tool to achieve a high-quality, secure voice call. With VPNs (virtual private networks), VARs can encrypt all network traffic, including voice, to ensure communication stays private and secure. VARs should look for VPN and firewall products that fully support VoIP protocols like SIP (Session Initiation Protocol) and MGCP (Media Gateway Control Protocol). To ensure 99.999% reliability, the firewall/VPN solution should support high availability or clustering technology.
Additionally, companies should seek and test various products for WAN acceleration and load balancing to combine connections from multiple ISPs (Internet service providers). These types of load balancing technologies ensure the fastest road is always taken – even if one is closed. Alternate routes are quickly designated so traffic streams freely without end users noticing the difference. This approach also reduces the risks of changing the network structure. When separate lines are used to distribute voice packets, the lines can be added, tested, changed, and removed without any disruption to critical business applications. With some solutions, companies can add lines for increased voice traffic or replace existing Internet links with another carrier’s link without disrupting traffic flow or the normal operation of business applications. Best-of-breed network security systems can eliminate the risks associated with these types of infrastructural changes.
Quality of service (QoS) remains an important aspect of a secure, reliable, and cost-effective VoIP implementation. The security (firewall/VPN) and load balancing technologies discussed above should all support QoS, even during encrypted sessions. Additionally, consideration should be given to solutions that provide full end-to-end VoIP security and are implemented to reduce costs and manageability issues as well as to improve auditing, reporting, and threat mitigation functions. Centralized management in the 21st century is critical and also should be a VoIP solution requirement.
VoIP is proving to be an excellent way for organizations to use cutting-edge technology to achieve cost savings. At the same time, it presents new challenges that need to be addressed. Solutions exist that meet these challenges, but VARs need to seek out technologies that combine best-of-breed firewall/VPN security with VoIP protocol handling, load balancing, clustering of devices and provider circuits, centralized management capabilities, and reporting and auditing tools. The more these are combined, the more effective they will be. Secure, reliable VoIP is available today, and it won’t break the bank.