Security Issues

The issues around security of a VOIP/SIP implementation are plentiful. First and foremost, your voice travels over a data network, specifically, an Internet Protocol (IP) network. Due to advancements in network bandwidth over the past 15 years, there is a plethora of data network bandwidth available for both public and private communications. The economics have driven the cost down to commodity levels when compared with IP network deployment 15 years ago. Fiber to the desktop in the Fortune 250 and even fiber to the home are becoming the norm.

In leveraging this inexpensive commodity, the security issues surrounding IP networks all apply when these networks are utilized for VOIP implementations. These issues include but are not limited to:

Eavesdropping / Voice Privacy – the ability to record or listen into conversations
Fraud – injecting voice in an existing stream of voice communications
Denial of Service
Vishing – the utilization of VOIP services by someone other than the account holder or the identification of account information by someone other than the account holder
Spam over Internet Telephony (SPIT)

The problem with VOIP spam and normal content filtering: it just doesn’t work. A normal content filter won't work. Some pin their hopes on speech recognition, but it is more likely that companies will use traffic analysis to identify where the SPIT is coming from and block traffic coming from compromised servers. Therefore your requirement for stopping the security issues associated with VOIP requires extraordinary efforts from vendors and network vendors.