What Is VoIP?

VoIP stands for Voice over Internet Protocol. Sometimes it's referred to as Voice over Networks or (VoN), Voice over Broadband (VoB) and sometimes Internet Telephony. VoIP allows you to make free, or very low cost, telephone calls over the Internet.

You can call any telephone in the world and any telephone can call you - regardless of what equipment or network the person you are calling uses.

Also, because VoIP uses, digital, internet technologies (sip) many new features and services that were previously impossible, or very expensive using traditional telephone technology, become available.


VoIP Security – A Pragmatic Guide

VoIP SecurityWhenever a new technology comes along someone worries about how safe it is - this is fine, even good, so long as we keep things in perspective.


But often we get the odd ‘sky is falling’ prediction, pointing out the worst that could possibly happen in the worst of all possible worlds. Eventually, when the sky can be seen to be safely in place and some of the more glaringly obvious holes in the new things have been plugged adequately, we take the new for granted and judge the next thing along against it - as though it itself was now perfect.


That’s life I guess and VoIP is no different so here’s a pragmatic, mostly non-technical security guide to VoIP; the new kid on the block.


How VoIP Works


A piece of software on your computer or in your VoIP telephone converts your analogue voice into packets of digital information which are then sent down your internet connection to whomever you are calling. Their software then collects the packets, re-assembles them and converts them into sounds you can hear in your phone. This is called an ‘on-net call’ because it is VoIP end to end.


If the call goes to a telephone on the old-fashioned telephone network - the PSTN (Public Switched Telephone Network) - the call is passed from the VoIP provider through a gateway into BT’s network and on to the called party. This is called an ‘off-net call.’


While all that is happening with your voice, some other stuff is being sent to your VoIP service provider giving them information that they use for billing and call management purposes – such as who the call is to and how long it lasts.


About Security


When someone says ‘how secure is VoIP?’ you really need to know what they are thinking about. Normally they just means ‘is it possible to eavesdrop on my conversation?’ And the dead honest answer is ‘yes’.

But there’s much more to it than that.


In practice the security issues for VoIP users break down into 3 basic areas.


• Can anyone tap into my call?
• Are my own networks and computers safe?
• Can someone steal my calls and make me pay for them?


Can Anyone Tap Into My Telephone Call?


Just like an ordinary phone or mobile, people can physically hear your calls - of course. Most people using mobiles on trains don’t appear to care.


If you are concerned that people may be able to hear your conversations or hack into your call remotely by listening in to them it is certainly possible that with the right equipment, a lot of knowledge and a good incentive, that someone may be able to do so; just as it is with both mobile and ordinary landline telephony.


However, there are a few things to consider. Firstly, you need to ask yourself why anyone would be remotely interested in your conversations? Secondly, if you didn’t worry about it before, when it was possible for someone to simply put two clips across your telephone wire to listen in, why are you concerned now when it requires a lot more technical ability?


You also need to separate in your mind the difference between a phone call and other pieces of computer information sent down your telephone line. A phone call happens in real time, its start point is unknown before it happens and is gone forever when it’s over.


Other data, such as emails, are stored in ordered format and can be searched for historically and worked on over time. So phone calls start and finish more securely than most other communication methodologies and don’t leave a stored record of their content.


If you’re making telephone calls that need to be totally secure from eavesdropping you should use no publicly available telephone service.


However, unlike ordinary telephony, VoIP can be encrypted to make it secure but unfortunately there are some very misleading statements being made about secure or encrypted VoIP. To be any use at all, encryption needs to be end-to-end in order to fully protect the conversation.


But currently the only way that this is possible is on a VoIP to VoIP call over the same vendor network using hardware, which supports it and a network, which allows it. This is a rare kind of phone call. The overwhelming majority of calls going to and from companies originate or terminate on the public telephone network. The PSTN is not encrypted, so any calls placed to or from it are unencrypted – there is absolutely nothing any telephone service provider can do about this.


Furthermore, calls from one VoIP network to another VoIP network are also not encrypted which leaves the only use for encryption to be for in-company calling. Sadly, an attacker with access to the phone’s local network will be capable of disabling encryption but if the local network is secured, there’s little to no benefit to encryption.


Because of this we recommend that attention be focused on securing the network where the VoIP devices are connected, rather than create false security from partial encryption - security needs to be total to be effective. The most effective way of securing your own VoIP network is to have all phones connected to Voipfone using Voipfone broadband. This avoids the public internet because you will effectively be privately peered direct with our network.


Are My Own Network And Computers Safe From Outside Attack?


This is possibly a more realistic, though still highly unlikely, threat and it too has to be put in perspective. If you have an ‘always on’ connection to the Internet - which is how broadband works – or a wireless connection and don’t have any protection against external intrusion, your computer and network are vulnerable.


Ignorance is the main enemy. Many PCs have no protection at all from attacks from outside but there is no reason why this should be the case. Most operating systems are now equipped with a firewall and there are all sorts of free and paid for Virus and Spyware guards available.


Normally too, and particularly for business use, you will have a router connected to the Internet and your PCs and VoIP phones connected to it. You then have a further security feature, a hardware firewall that protects your internal network.


All wireless routers provide encrypted security – it just needs to be turned on! If these safeguards are used, you are perfectly safe from all but the most determined attack, and, please note, this has nothing to do with VoIP; it’s just a fact of life if you use the Internet for anything at all.


Can Someone Make Calls And Get Them Billed To Me?


This can only happen if someone gets hold of your password and username and knows their way around your service or if you’re using an unprotected hardware PBX (instead of our normal hosted services). They could then use whatever credit was in your account at the time. Just like if you lost your credit card and wrote your PIN on it.


But obviously you would notice very quickly if this was happening and the thief would only have access to the credit on your account, which is typically only a few pounds. (Voipfone also has a suite of security features, which limit any loss to these sorts of frauds.)


The solution of course is not to allow anyone access to your username or password. Our Customer Support Representatives will never ask by email or anything else for your full password – so never disclose it under any circumstances.


And Finally


Hackers will attempt to get into these new services but they’ll start where they can find the most lucrative or high profile challenge. If small businesses and individuals take normal sensible precautions there is no reason to believe that VoIP will create any new or increased threat.


Got a question?Based in the UK our phone services range from telephone calls, telephone lines, extensions and numbers, through voice prioritised Broadband Access to call forwarding services and sophisticated hosted voip, Virtual PBX (Centrex) and Call Centre products

Speak to a Customer Services Representative

Voipfone can seem very confusing at first, but don’t worry, this is quite normal and we are here to help! One of the great strengths of VoIP is that it can do so much more than an ordinary telephone network whilst costing an awful lot less. In practise Voipfone’s services can be as simple as making a telephone call or as complicated as using a large business switchboard in several countries but anything new takes a bit of getting used to so if you have any questions please feel free to give us a call on 020 7043 5555

Copyright 2004 - 2019, iNet Telecoms® Ltd All rights reserved.