| VoIP is exposed to all the security breaches that are | | | | recommendable solutions if you need an extra level of |
| natural to the use of the internet, although using VoIP is | | | | security, unless you are positively sure that the STUN |
| as safe as sending emails or paying bills online, or even | | | | or TURN server is administered by your VoIP. The |
| safer. | | | | same applies to ICE technology (Interactive |
| As anything related to the internet, if a highly secured | | | | Connectivity Establishment) that is used to decide |
| VoIP connection is needed, a specialist should be | | | | whether to activate STUN or TURN. |
| consulted. | | | | Now, let us talk about encryption. Once again, let me |
| Security Objectives | | | | remind you that if you truly need a connection for your |
| A few concepts can help an average user to keep a | | | | business that is totally secured end to end, you must |
| VoIP connection safe enough for everyday use. For | | | | consult a specialist. |
| that, we must focus on: | | | | Types of Encryption |
| - Keeping our firewall safe. | | | | Your Voip provider might have different ways of |
| - Avoiding the use of the VoIP service by unauthorized | | | | encryption: |
| persons. | | | | - VPN (Virtual Private Network) using IPSec (Internet |
| - Encrypting the transmission in case it is picked up | | | | Protocol Security). VPN uses a 'tunnel' to connect to a |
| over the internet. | | | | corporate network, and the second encrypts the |
| If we need to troubleshoot the installation of a VoIP | | | | connection. This technology will place a high demandon |
| device, we must remember not leave the firewall | | | | your internet connection and computer. |
| disabled or with UPNP (Universal Plug and play). | | | | - TLS (Transport Level Security) encrypts the |
| Many popular VoIP programs do not use internet | | | | connection and makes sure that your VoIP server is |
| telephony when making free calls. Most of these | | | | not an impostor in disguise. TLS will typically take less |
| programs can get through your firewall without you | | | | resources from your internet connection and from |
| having to change anything and some of them include | | | | your computer than VPN plus IPSec. |
| encryption for their free calls out of the box (Skype | | | | - SSL (Secure Socket Layer) is the predecessor of |
| encrypts everything, unless you use its international | | | | TLS, and is still used on the internet. The same |
| version, and Gtalk encrypts the session between your | | | | considerations as in TLS apply to SSL. |
| computer and the Gtalk sever). | | | | - SRTP (Secure Real Time Protocol) might not be as |
| Internet telephony providers will almost always use an | | | | strong as TLS/SSL but will place the least demand on |
| industry standard protocol called SIP (Session Initiation | | | | your computer or VoIP device. It has little effect on the |
| Protocol) which has its own methods of protecting | | | | quality of the sound and is the encryption method of |
| communication sessions. | | | | preference. |
| The firewall of many routers has an option that | | | | Benefits of VoIP Provider Security |
| enables "ALG for SIP" (application layer gateway for | | | | A final piece of advice; there are many ways of |
| SIP) which is very helpful but allows your SIP programs | | | | improving the security over the internet. In the case of |
| or devices to take certain control of the firewall. If you | | | | VoIP, it is better for an average user to use a good |
| need certain degree of security (say, for internet | | | | provider rather than freeware, and to use whatever |
| banking from home) you can only use ALG for SIP in | | | | that provider recommends, because: |
| your router temporarily, for testing purposes only. | | | | - They have stronger firewalls and other powerful |
| VoIP Provider Security | | | | security measures |
| Without the help (and risks) of ALG for SIP, there are | | | | - They will make your own firewall less vulnerable on |
| several options that you can consult with your VoIP | | | | the internet than it would be with a do-it-yourself |
| provider: | | | | solution (unless you have some advanced knowledge |
| - Tunnelling, that has been widely used in networks in | | | | of internet security) |
| order to resolve connectivity and safety issues, and is | | | | - They adhere to safe VoIP standards, or create their |
| the most recommendable option. You will want to | | | | own safety standards. |
| know whether this feature is available before buying a | | | | - They usually offer encryption and tunnelling, which |
| VoIP service. The tunnel in 'tunnelling' is like a private | | | | makes the communication even safer. |
| channel between your VoIP provider and you, and | | | | - They can supply you with pre configured hardware |
| sometimes includes encryption. | | | | or software that meets your safety requirements. |
| - STUN servers (Session Traversal Utilities for NAT) | | | | So, ask your prospective VoIP provider or providers, |
| that help your VoIP provider to know how to 'see' you | | | | clear out any doubts about security (if you have any) |
| from the internet, or TURN servers (Traversal Using | | | | or consult a specialist, so that you can start enjoying |
| Relay Nat) that can do a more intensive work when | | | | the benefits of VoIP. |
| STUN does not work. They are not the most | | | | |