A Strategy for Enterprise VoIP Security

A Strategy for Enterprise VoIP Security

Dwayne Stevens (Community Trust Bank, USA) and David T. Green (Governors State University, USA)
Copyright: © 2009 |Pages: 9
DOI: 10.4018/978-1-59904-855-0.ch041
OnDemand PDF Download:
No Current Special Offers


Voice over Internet Protocol (VoIP) networks signal an evolution in telecommunications that is accelerating the convergence of the Internet and the public switched telephone network (PSTN). Offering decreased costs and other benefits, VoIP is poised to transform telecommunications and the organizations that use them. However, some consider VoIP a security nightmare, combining the worst vulnerabilities of IP networks and voice networks. DOS attacks, crash attacks, packet spoofing, buffer overflow attacks, spam over Internet telephony (SPIT), and word injection all pose threats to commercial enterprise networks and the mission critical operations that they support.
Chapter Preview


Traditional telecommunications carriers are now facing the very real prospect that the “large networks they’ve been meticulously building for more than 100 years will be, if not entirely useless, certainly unsustainable in the very near future.” Already reeling from the “fixed-to-mobile substitution” brought about by migration of landline traffic to the cellular platform, Local Exchange Carriers (LECs) are now facing competition with VoIP (Conti, 2004).

This chapter will seek to first provide an analysis of the benefits of VoIP, and then will discuss the three current prominent models of VoIP that are being utilized. The chapter will then briefly look at how educational institutions are using VoIP and examine the implementation and security concerns of VoIP. Finally, the chapter will then address Quality of Service concerns, and list strategies for security assurance and disaster recovery planning in relation to VoIP.


VoIP is revolutionizing telecommunications in large part because IP telephony is based upon standards which are vendor agnostic, ensuring interoperability between products from different manufacturers in almost any combination (Ross, 2004). Many of the companies who have adopted VoIP have been very pleased with the results in this technology which “crosses the boundaries of public and private networks, enterprise and residential markets, voice and data technologies, as well as local and long-distance services.” By converging voice and data into a single, powerful network, an organization can “reduce costs, consolidate and simplify networks, as well as better serve its customers and constituents” (Young, 2005).

In a recent product spotlight in IEEE Review, relatively low-cost items like the Firebox VoIP Cyberphone were featured, which allow users to make low-cost calls to landlines and mobile phones all over the world and free calls to anyone using a similar VoIP phone (Calls over the Net, 2005). It is technology such as this which has in part fueled the flurry of corporate adopters. In excess of nine million North American corporate telephone lines ran on VoIP in 2004, a full 11 percent of the total. That number was up from 4 percent from 2002, according to Gartner Inc., and is expected to reach 41 percent by 2008 (Fahmy, 2005).

VoIP installations achieve cost savings from a variety of sources. Obviously, running voice and data on the same network reduces the hardware, maintenance, and service needed. A great example of the financial benefits of VoIP is illustrated by the recent adoption of VoIP by the accounting firm Grant Thornton, LLP. The firm used to spend more than $800,000 a year on long-distance calls made from its 49 U.S. offices. VoIP installations cut that spending by more than 60 percent. In addition, local phone charges fell by 40 percent (Fahmy, 2005).

Several other factors also influence the adoption of VoIP technology, including improved network utilization, opportunities for value-added services, and progressive deployment. Traditional circuit-switched networks have to “dedicate a full-duplex 64 kb/s channel for the duration of a single call, whereas with VoIP networks the bandwidth is used only when something has to be transmitted,” utilizing network resources more effectively and allowing more calls to be carried over a single link. In addition, VoIP offers many other advanced features such as caller ID and call forwarding that can be added as value-added services to VoIP networks at minimal cost. Finally, IP telephony is “additive to today’s communications networks since it can be easily integrated with existing PSTN infrastructure and networks” (Zeadally, 2004). However, there are other, less obvious benefits that corporate users are discovering that merit mention:

  • VoIP reduces the cost of reconfiguring the network every time an employee switches office or cubicles.

  • VoIP allows users to easily self-administer their call forwarding, helping to route calls to either voice mail or external lines depending upon the caller.

  • Using a popular feature called unified messaging, employees can check messages left at different numbers on one centralized platform (Fahmy, 2005).

  • Businesses can amortize their VoIP equipment in as few as three months (Ross, 2004).

Telecommunication service providers are in the midst of developing converged core networks for both data and voice to support this evolution. There are also economic incentives, improved productivity, and new revenue-generating services that come along with these new networks (Prabhakar, 2005).

Key Terms in this Chapter

Disaster Recovery: The process of regaining access to data, hardware, or software after a computer based human or natural disaster.

Local Exchange Carrier (LEC): A regulatory term in telecommunications for the local telephone company.

Multiprotocol Label Switching (MPLS): A data-carrying mechanism which emulates some properties of a circuit-switched network over a packet-switched network.

Quality of Service (QoS): A set of quality requirements on the collective behavior of one or more objects in the field of telephony.

Voice Over IP (VoIP): The routing of voice conversations over an Internet Protocol-based network.

Public Switched Telephone Network (PSTN): The network of the world’s public circuit-switched telephone networks.

Plain Old Telephone Service (POTS): The voice-grade telephone service that remains the basic form of residential and small business service connection to the telephone network in most parts of the world.

Complete Chapter List

Search this Book: