As VoIP services attract hundreds of new corporate customers every
day, Internet security experts remind prospective clients that voice-over-IP
many of the same security threats as any other kind of data. Security researchers
recommend asking any prospective VoIP
service provider the following questions
to avoid a security breach.
1. How Do You Handle a DNS Attack Against Your VoIP Service?
In a andquot;denial of serviceandquot; attack, thousands of hacked computers flood
their targets with data requests. Professional VoIP
services use firewalls,
redundant servers, and around-the-clock monitoring to prevent their servers
from getting clogged.
2. Can Hackers Listen to Calls Made on Your VoIP Service?
It may sound like a throwback to the concerns of telephone users in the 1950s
and 1960s, but the threat of eavesdropping on Internet phone calls can not
be entirely dismissed. Fortunately, most VoIP
services use encryption tools
that prevent uninvited parties from listening in.
3. Does Encryption Reduce Call Quality on Your VoIP Service?
Encryption requires processing time. The harder the encryption, the more a
VoIP service risks jitter, echo, latency, and other aural distractions on
the call. The best providers have invested in hardware and software solutions
that make encryption transparent to end-users.
4. How Do You Test for Vulnerabilities in Your VoIP Services Software?
As with any software platform, VoIP systems are sometimes tested by hackers
and security experts for potential holes. A quality vendor combines their
in-house research with the latest reporting from trusted security specialists.
5. Who Handles Patch Deployment for Your VoIP Service?
When VoIP services want to push firmware and software updates to users, does
the upgrade process cause more problems than it solves? Ask prospective vendors
how patches are distributed, and how their systems can be integrated with
your companys own software update protocol.
6. What Happens If Someone Steals the Router for Your VoIP Service?
A missing VoIP call router can potentially wreak havoc on a business. Ensure
that any prospective VoIP
service can disable a router remotely and keep
account credits intact.
7. Can We Use Our Own VPN Tunnel with Your VoIP Service?
Some companies prefer to keep all of their data flowing within protected virtual
private networks. If you prefer to keep the conversation on your calls secret,
even from the phone company, choose a VoIP
service that enables calling through
a VPN. This extra step may not be necessary for many users, especially since
it often involves additional hardware and software expenses.
8. How Does Your VoIP Service Prevent Fraudsters from Impersonating Me?
By hijacking inbound calls, scammers can impersonate customer service representatives
and collect personal account information. Hackers can sometimes gain access
to an open port and resell minutes on a companys VoIP account. Solid vendors
protect their customers by monitoring VoIP
service usage for unusual activity
or packet routing, especially to countries with few known customers.
Keep Asking Questions, Long After Selecting a VoIP Service
Just as threats to desktop computers keep evolving, the potential for criminals
to breach security on a companys VoIP
service changes over time. Security
experts recommend staying informed by checking vendor blogs and maintaining
a strong relationship with account representatives.
National Institute of Standards and Technology
Voice Over IP Security Alliance