What You Should Know About IP Telephony Security

Dec 17, 2015

Posted In: Privacy & Data Security, Strategy, VoIP Author: Jesse Bird

With new stories about recent cyber attacks and security breaches becoming increasingly commonplace, the issue of security for IP telephony is one that can no longer be ignored. Even companies with large, sophisticated systems like Target have found themselves the subject of data attacks by hackers aiming to collect customer information like social security numbers, account information and more.

With today’s network-based voice systems (both on-premise and cloud-based), the issue can be more complex—but the results are no less devastating in the event of a breach. For organizations with such systems in place or considering implementing those solutions, here are a few of the things you need to know about IP telephony security – especially prescient for your VoIP call center.

The Main Forms of IP Telephony Attacks

The two main forms of attacks on Internet protocol (IP) telephony systems are denial-of-service (DoS) attacks and eavesdropping. Both can compromise operations and security of customer and corporate data, as well as present unique challenges to security experts.

DoS attacks are aimed at disrupting servers by overwhelming them with automated service requests. Rather than poaching data directly, the goal of DoS attacks is to disrupt operations and lock customers out of communication with telephony providers.

Eavesdropping can even more insidious—a network-based, man-in-the-middle attack aimed at setting up relays that allow hackers access to supposedly private data communications. And as IP addresses are increasingly being shared and becoming more difficult to trace, identifying eavesdropping hacks is becoming more difficult.

Who is Being Targeted?

All data transmitted over IP is susceptible to breach, and all sectors are being targeted. From carefully regulated industries like finance and healthcare to retail and commercial enterprises, the pressure to ensure information security is growing.

The rise of cloud-computing has made it even trickier to protect against hacks. As technology outpaces IT support, security measures often prove insufficient when attempting to fend off attacks from individual hackers and nation states—or make things worse.

According to a 2012 report issued jointly by the University of Wisconsin, security software firm RSA and the University of North Carolina, “while data loss and data leakage are both serious threats to cloud computing, the measures you put in place to mitigate one of these threats can exacerbate the other.”

How Can You Ensure Your IP Telephony Systems Are Secure?

Ultimately, the security of data transmitted over IP systems involves careful monitoring of data pathways, scrubbing of irrelevant records and data and encryption. For telephony system, encryption poses certain challenges.

“Encryption comes with significant complexity that is often beyond the capabilities of voice engineers,” says a David Stein, a principal with Stein Consulting Group and member of the Society of Communications Technology Consultants. This makes the data difficult to hack, but also can lead to the systems being expensive.

“It comes down to weighing the value of the information that might be hacked against the cost of securing it,” continues Stein. “Is it better to be safe than sorry regardless of the cost?”

With privacy and data protection at a premium, the answer to this question increasingly appears to be “yes.” Through the judicious application of security protocols and monitoring, it is possible to create safe and reliable IP telephony systems.

Don’t let the the latest developments — from a technology or regulation perspective — hold you back. For details on how you can stay TCPA compliant, download our TCPA Compliance ebook for a plain English breakdown of the new TCPA rules, as well as checklists to help you stay compliant with the changes.

About the Author: Jesse Bird

Jesse Bird, CTO and co-founder of TCN, has been passionate about emerging technologies from an early age. He has used that passion as a springboard for his career and has strived to keep TCN at the forefront of Voice Over Internet Protocol (VoIP) and call center technology for the past 15 years. Since co-founding TCN in 1999, Jesse has been pivotal in guiding the technology team through three major iterations in their product line, including his work spearheading the launch of TCNäó»s new Platform 3.0. Jesseäó»s extensive knowledge base has impacted all levels of the technology stack, from physical hardware and network designs to virtualized computing environments to database design and all types of VoIP technology. His consultative approach to client interactions has been essential to growing the TCN brand and making it the industry leader it is today. Jesse has not only played a critical role in keeping TCNäó»s call center technology at the forefront of the industry, but also helped create its open, tight-knight corporate culture.