VoIP Offers Cost Savings But Also Presents Security Risks
According to the FDIC, VoIP is susceptible to the same risks as data networks that use the Internet, such as exposure to viruses, worms, Trojans and man-in-the-middle attacks. Configuration weaknesses in VoIP devices and underlying operating systems can enable denial of service attacks, eavesdropping, voice alteration (hijacking) and toll fraud (theft of service), all of which can result in the loss of privacy and integrity.
In addition, industry observers are concerned about the potential for spam delivered over VoIP. In this context, spam refers to unwanted and potentially offensive phone calls.
To perform well in VoIP environments, security appliances must both protect the VoIP infrastructure and maintain the voice quality, availability and reliability of the connection. Exchange Bank, Santa Rosa, Calif., which is in the process of implementing a VoIP system, insisted that the manufacturer of its network intrusion prevention appliance have it tested for performance in a VoIP environment by an independent testing organization.
"My company is planning to deploy a VoIP system within the next few months," says Bob Gligorea, information security officer at Exchange Bank. "The evaluation alleviates one of my main fears regarding our VoIP implementation--the impact of security on quality of service." The system, he says, "will not only help us to maintain high-quality VoIP connections, but will also prevent attackers from exploiting this new communications channel."
Establishing a secure VoIP and data network is a complex process that requires greater effort than that required for data-only networks.
VoIP systems can be expected to be more vulnerable than conventional telephone systems, in part because they are tied into the data network, resulting in additional security weaknesses and avenues of attack. Confidentiality and privacy may be at greater risk in VoIP systems unless strong controls are implemented and maintained.
VoIP systems are still maturing and dominant standards have not emerged. This instability is compounded by VoIP's reliance on packet networks as a transport medium. In addition, VoIP cannot function without Internet connections, except in the case of large corporate or other users who may operate a private network. Essential telephone services, unless carefully planned, deployed and maintained, will be at greater risk if based on VoIP.
Banks should assess the level of concern about security and privacy. If warranted and practical, avoid use of "softphone" systems, which implement VoIP using an ordinary PC with a headset and special software.
Banks need to be aware that the laws and rulings governing interception or monitoring of VoIP lines, and retention of call records, may differ from those of conventional telephone systems. These issues should be reviewed with legal advisers.
The following precautions should be taken:
• Disallow VoIP protocols from the data network at the voice gateway that interfaces with the public switched telephone network (PSTN). Use strong authentication and access controls on the voice gateway system.
• Encrypt VoIP communications at the router or other gateway, not at the individual endpoints. Since some VoIP telephones are not powerful enough to perform encryption, placing this burden at a central point ensures all VoIP traffic emanating from the enterprise network will be encrypted.
• Use VoIP-ready firewalls and other appropriate protection mechanisms. Financial institutions should enable, use and routinely test the security features included in VoIP systems.
• Because of the inherent vulnerabilities when operating telephony across a packet network, VoIP systems incorporate an array of security features and protocols. The institution's security policy should ensure that these features are used. In particular, firewalls designed for VoIP protocols are an essential component of a secure VoIP system.
• Even if encryption is used, physical access to VoIP servers and gateways may allow an attacker to do traffic analysis (i.e., determine which parties are communicating). Adequate physical control should be in place to restrict access to VoIP network components. Physical security measures, including barriers, locks, access control systems, and guards, are the first line of defense.
If improperly implemented, VoIP can pose significant operational risks to financial institutions. Therefore, management should perform a comprehensive risk assessment before implementation to ensure the confidentiality, integrity and availability of voice communications using VoIP technology.