Whenever a new technology comes along someone worries about how safe it is - this is fine, even good, so long as we keep things in perspective.
But often we get the odd 'sky is falling' prediction, pointing out the worst that could possibly happen in the worst of all possible worlds. Eventually, when the sky can be seen to be safely in place and some of the more glaringly obvious holes in the new things have been plugged adequately, we take the new for granted and judge the next thing along against it - as though it itself was now perfect.
That's life I guess and VoIP is no different so here's a pragmatic, mostly non-technical security guide to VoIP; the new kid on the block.
A piece of software on your computer or in your VoIP telephone converts your analogue voice into packets of digital information which are then sent down your internet connection to whomever you are calling. Their software then collects the packets, re-assembles them and converts them into sounds you can hear in your phone. This is called an 'on-net call' because it is VoIP end to end.
If the call goes to a telephone on the old-fashioned telephone network - the PSTN (Public Switched Telephone Network) - the call is passed from the VoIP provider through a gateway into BT's network and on to the called party. This is called an 'off-net call'.
While all that is happening with your voice, some other stuff is being sent to your VoIP service provider giving them information that they use for billing and call management purposes - such as who the call is to and how long it lasts.
Although anyone can use our service, we run a network particularly for small business users and you have told us that reliability of service is your number one requirement - we are aware how much you rely on us; as we do ourselves. You are also concerned about call quality because for business use, call quality must be excellent at all times.
Consequently we have built a very robust network. Our up time since 2007, as measured independently by Monitor Us, has been 99.99%.
When someone says 'how secure is VoIP?' you really need to know what they are thinking about. Normally they just means 'is it possible to eavesdrop on my conversation?' And the dead honest answer is 'yes'.
But there's much more to it than that.
In practice the security issues for VoIP users break down into 3 basic areas.
Just like an ordinary phone or mobile, people can physically hear your calls - of course. Most people using mobiles on trains don't appear to care.
If you are concerned that people may be able to hear your conversations or hack into your call remotely by listening in to them it is certainly possible that with the right equipment, a lot of knowledge and a good incentive, that someone may be able to do so; just as it is with both mobile and ordinary landline telephony.
However, there are a few things to consider. Firstly, you need to ask yourself why anyone would be remotely interested in your conversations? Secondly, if you didn't worry about it before, when it was possible for someone to simply put two clips across your telephone wire to listen in, why are you concerned now when it requires a lot more technical ability?
You also need to separate in your mind the difference between a phone call and other pieces of computer information sent down your telephone line. A phone call happens in real time, its start point is unknown before it happens and is gone forever when it's over.
Other data, such as emails, are stored in ordered format and can be searched for historically and worked on over time. So phone calls start and finish more securely than most other communication methodologies and don't leave a stored record of their content.
If you're making telephone calls that need to be totally secure from eavesdropping you should use no publicly available telephone service.
However, unlike ordinary telephony, VoIP can be encrypted to make it secure but unfortunately there are some very misleading statements being made about secure or encrypted VoIP. To be any use at all, encryption needs to be end-to-end in order to fully protect the conversation.
But currently the only way that this is possible is on a VoIP to VoIP call over the same vendor network using hardware, which supports it and a network, which allows it. This is a rare kind of phone call. The overwhelming majority of calls going to and from companies originate or terminate on the public telephone network. The PSTN is not encrypted, so any calls placed to or from it are unencrypted - there is absolutely nothing any telephone service provider can do about this.
Furthermore, calls from one VoIP network to another VoIP network are also not encrypted which leaves the only use for encryption to be for in-company calling. Sadly, an attacker with access to the phone's local network will be capable of disabling encryption but if the local network is secured, there's little to no benefit to encryption.
Because of this we recommend that attention be focused on securing the network where the VoIP devices are connected, rather than create false security from partial encryption - security needs to be total to be effective. The most effective way of securing your own VoIP network is to have all phones connected to Voipfone using Voipfone broadband. This avoids the public internet because you will effectively be privately peered direct with our network.
This is possibly a more realistic, though still highly unlikely, threat and it too has to be put in perspective. If you have an 'always on'connection to the Internet - which is how broadband works - or a wireless connection and don't have any protection against external intrusion, your computer and network are vulnerable.
Ignorance is the main enemy. Many PCs have no protection at all from attacks from outside but there is no reason why this should be the case. Most operating systems are now equipped with a firewall and there are all sorts of free and paid for Virus and Spyware guards available.
Normally too, and particularly for business use, you will have a router connected to the Internet and your PCs and VoIP phones connected to it. You then have a further security feature, a hardware firewall that protects your internal network.
All wireless routers provide encrypted security - it just needs to be turned on! If these safeguards are used, you are perfectly safe from all but the most determined attack, and, please note, this has nothing to do with VoIP; it's just a fact of life if you use the Internet for anything at all.
This can only happen if someone gets hold of your password and username and knows their way around your service or if you're using an unprotected hardware PBX (instead of our normal hosted services). They could then use whatever credit was in your account at the time. Just like if you lost your credit card and wrote your PIN on it.
But obviously you would notice very quickly if this was happening and the thief would only have access to the credit on your account, which is typically only a few pounds. (Voipfone also has a suite of security features, which limit any loss to these sorts of frauds).
The solution of course is not to allow anyone access to your username or password. Our Customer Support Representatives will never ask by email or anything else for your full password - so never disclose it under any circumstances.
Hackers will attempt to get into these new services but they'll start where they can find the most lucrative or high profile challenge. If small businesses and individuals take normal sensible precautions there is no reason to believe that VoIP will create any new or increased threat.
New technology can seem confusing at first, but don't worry, we are here to help!
Log in to your online control panel to configure your services. With Voipfone's online control panel you can manage your account in real time, from your PC anywhere in the world.