We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,108 News Articles

VoIP security is all about implementation

According to experts at the VON show

Lack of equipment interoperability and confusion over who is responsible for security are to blame for the lack of security in VoIP (voice over IP), an issue that IT administrators say is a major concern for them, experts speaking at VON Europe today said.

The technology and standards that exist to secure VoIP are not the issue, said Tim Jasionowski, senior technologist for voice and rich media technologies at Nokia. The problem is that most enterprises aren't using many of the technologies.

That's mainly because unless an enterprise uses a single vendor for every piece of equipment in their network, including phones, IP-PBX (IP-private branch exchange), firewall and all other components in between, then security technologies such as TLS (Transport Layer Security) and others are unlikely to interoperate across multivendor equipment, he said.

Even if an enterprise decided to standardise on a single vendor, it might have additional limits on the products it chooses. That's because not all major vendors are building support for security standards such as TLS into their products and those that do don't necessarily support it across their entire product range, said Dr Cullen Jennings, distinguished engineer at Cisco.

Once enterprises decide to extend VoIP into mobile devices, they face additional problems, but once again not because the standards and technology don't exist. Ideally, an enterprise might want to run WPA (Wi-Fi protected access) to secure the Wi-Fi connection on a wireless device, an authentication mechanism for users that may attach to public hotspots, a VPN (virtual private network) for accessing the corporate network and possibly other security techniques.

"That's great if you have a nuclear power plant in your pocket attached to your mobile phone," Jasionowski said. Running all of those security applications requires processing and power, both features in short supply on mobile devices.

In addition, the market hasn't fully worked out who exactly is responsible for security and who is responsible for enforcing that security, said Ari Takanen, chief technology officer at Codenomicon. Currently, layers of security are offered by service providers and equipment makers and sometimes their efforts overlap. Without the clarity of claimed responsibility, no source is liable for security issues, he said.


IDG UK Sites

Windows 9 release date, price, features: Microsoft teases new OS ahead of 30 September unveiling

IDG UK Sites

From the iPhone 6 to the iWatch and a new Apple TV we look at the products Apple is set to launch...

IDG UK Sites

September 2014 creative trends: 5 things you must see

IDG UK Sites

What to expect from Apple in autumn/winter 2014: iPhone 6, iPhone Air, iWatch, iPad 6, new Apple...