Security Tip (ST05-018)
Understanding Voice over Internet Protocol (VoIP)
With the introduction of VoIP, you can use the Internet to make telephone calls instead of relying on a separate telephone line. However, the technology does present security risks.
What is voice over Internet protocol (VoIP)?
Voice over Internet protocol (VoIP), also known as IP telephony, allows you to use your Internet connection to make telephone calls. Instead of relying on an analog line like traditional telephones, VoIP uses digital technology and requires a high-speed broadband connection such as DSL or cable. There are a variety of providers who offer VoIP, and they offer different services. The most common application of VoIP for personal or home use is Internet-based phone services that rely on a telephone switch. With this application, you will still have a phone number, will still dial phone numbers, and will usually have an adapter that allows you to use a regular telephone. The person you are calling will not likely notice a difference from a traditional phone call. Some service providers also offer the ability to use your VoIP adapter any place you have a high-speed Internet connection, allowing you to take it with you when you travel.
What are the security implications of VoIP?
Because VoIP relies on your Internet connection, it may be vulnerable to many of the same problems that face your computer and even some that are specific to VoIP technology. Attackers may be able to perform activities such as intercepting your communications, eavesdropping, taking control of your phone, making fraudulent calls from your account, conducting effective phishing attacks by manipulating your caller ID, and causing your service to crash (see Avoiding Social Engineering and Phishing Attacks and Understanding Denial-of-Service Attacks for more information). Activities that consume a large amount of network resources, like large file downloads, online gaming, and streaming multimedia, may affect your VoIP service.
There are also inherent problems to routing your telephone over your broadband connection. Unlike traditional telephone lines, which operate despite an electrical outage, if you lose power, your VoIP may be unavailable. VoIP services may also introduce problems for location-dependent systems such as home security systems or emergency numbers such as 911.
How can you protect yourself?
- Keep software up to date - If the vendor releases updates for the software operating your device, install them as soon as possible. Installing them will prevent attackers from being able to take advantage of known problems or vulnerabilities (see Understanding Patches for more information).
- Use and maintain anti-virus software - Anti-virus software recognizes and protects your computer against most known viruses. However, attackers are continually writing new viruses, so it is important to keep your anti-virus software current (see Understanding Anti-Virus Software for more information).
- Take advantage of security options - Some service providers may offer encryption as one of their services. If you are concerned about privacy and confidentiality, you may want to consider this and other available options.
- Install or enable a firewall - Firewalls may be able to prevent some types of infection by blocking malicious traffic before it can enter your computer (see Understanding Firewalls for more information). Some operating systems actually include a firewall, but you need to make sure it is enabled.
- Evaluate your security settings - Both your computer and your VoIP equipment/software offer a variety of features that you can tailor to meet your needs and requirements. However, enabling certain features may leave you more vulnerable to being attacked, so disable any unnecessary features. Examine your settings, particularly the security settings, and select options that meet your needs without putting you at increased risk.