VoIP security? Encrypt, encrypt, encrypt

On our sister site TechRepublic, IT Security blogger Tom Olzak runs a guest column from technology and security author-consultant Deb Shinder.

In her piece "VoIP threats: beyond eavesdropping," Deb runs through a list of VoIP security vulnerabilities: Denial of Service attacks, flooding and logic attacks, injected messages, call hijacking, and caller ID spoofing.

After these descriptions, Deb then provides a two-paragraph summary of the best way to forestall these issues.

When it comes to protecting VoIP from attackers, the most important element is encryption, encryption, encryption. But don’t stop with encrypting the media channel — the call-signaling channel needs protection as well. There are vendor-specific solutions for encrypting the signaling protocol itself, or you can use IPSec or TLS to encrypt the traffic at the network or transport layer.

There’s no perfect, standard solution yet, but the first step toward defending your VoIP network is to be aware of the problem. By implementing VoIP-aware network devices and using encryption technologies, you can avoid many of the DoS, hijacking, and spoofing attacks to which VoIP is vulnerable.

Thanks, Deb, for sounding the VoIP security call with non-alarmist but practical pointers.