Voipfone Voipfone
Voipfone

VoIP Security - Pragmatic Guide

Whenever a new technology comes along someone worries about how safe it is - this is fine, even good, so long as we keep things in perspective.

But often we get the odd 'sky is falling' prediction, pointing out the worst that could possibly happen in the worst of all possible worlds. Eventually, when the sky can be seen to be safely in place and some of the more glaringly obvious holes in the new things have been plugged adequately, we take the new for granted and judge the next thing along against it - as though it itself was now perfect.

That's life I guess and VoIP is no different so here's a pragmatic, mostly non-technical security guide to VoIP; the new kid on the block.

How VoIP Works

A piece of software on your computer or in your VoIP telephone converts your analogue voice into packets of digital information which are then sent down your internet connection to whomever you are calling. Their software then collects the packets, re-assembles them and converts them into sounds you can hear in your phone. This is called an 'on-net call' because it is VoIP end to end.

If the call goes to a telephone on the old-fashioned telephone network - the PSTN (Public Switched Telephone Network) - the call is passed from the VoIP provider through a gateway into BT's network and on to the called party. This is called an 'off-net call'.

While all that is happening with your voice, some other stuff is being sent to your VoIP service provider giving them information that they use for billing and call management purposes - such as who the call is to and how long it lasts.

Our Network

Our Network

Although anyone can use our service, we run a network particularly for small business users and you have told us that reliability of service is your number one requirement - we are aware how much you rely on us; as we do ourselves. You are also concerned about call quality because for business use, call quality must be excellent at all times.

Consequently we have built a very robust network. Our up time since 2007, as measured independently by Monitor Us, has been 99.99%.

Read More

About Security

When someone says 'how secure is VoIP?' you really need to know what they are thinking about. Normally they just means 'is it possible to eavesdrop on my conversation?' And the dead honest answer is 'yes'.

But there's much more to it than that.

In practice the security issues for VoIP users break down into 3 basic areas.

Can Anyone Tap Into My Telephone Call?

Just like an ordinary phone or mobile, people can physically hear your calls - of course. Most people using mobiles on trains don't appear to care.

If you are concerned that people may be able to hear your conversations or hack into your call remotely by listening in to them it is certainly possible that with the right equipment, a lot of knowledge and a good incentive, that someone may be able to do so; just as it is with both mobile and ordinary landline telephony.

However, there are a few things to consider. Firstly, you need to ask yourself why anyone would be remotely interested in your conversations? Secondly, if you didn't worry about it before, when it was possible for someone to simply put two clips across your telephone wire to listen in, why are you concerned now when it requires a lot more technical ability?

You also need to separate in your mind the difference between a phone call and other pieces of computer information sent down your telephone line. A phone call happens in real time, its start point is unknown before it happens and is gone forever when it's over.

Other data, such as emails, are stored in ordered format and can be searched for historically and worked on over time. So phone calls start and finish more securely than most other communication methodologies and don't leave a stored record of their content.

If you're making telephone calls that need to be totally secure from eavesdropping you should use no publicly available telephone service.

However, unlike ordinary telephony, VoIP can be encrypted to make it secure but unfortunately there are some very misleading statements being made about secure or encrypted VoIP. To be any use at all, encryption needs to be end-to-end in order to fully protect the conversation.

But currently the only way that this is possible is on a VoIP to VoIP call over the same vendor network using hardware, which supports it and a network, which allows it. This is a rare kind of phone call. The overwhelming majority of calls going to and from companies originate or terminate on the public telephone network. The PSTN is not encrypted, so any calls placed to or from it are unencrypted - there is absolutely nothing any telephone service provider can do about this.

Furthermore, calls from one VoIP network to another VoIP network are also not encrypted which leaves the only use for encryption to be for in-company calling. Sadly, an attacker with access to the phone's local network will be capable of disabling encryption but if the local network is secured, there's little to no benefit to encryption.

Because of this we recommend that attention be focused on securing the network where the VoIP devices are connected, rather than create false security from partial encryption - security needs to be total to be effective. The most effective way of securing your own VoIP network is to have all phones connected to Voipfone using Voipfone broadband. This avoids the public internet because you will effectively be privately peered direct with our network.

Are My Own Network & Computers Safe From Outside Attack?

This is possibly a more realistic, though still highly unlikely, threat and it too has to be put in perspective. If you have an 'always on'connection to the Internet - which is how broadband works - or a wireless connection and don't have any protection against external intrusion, your computer and network are vulnerable.

Ignorance is the main enemy. Many PCs have no protection at all from attacks from outside but there is no reason why this should be the case. Most operating systems are now equipped with a firewall and there are all sorts of free and paid for Virus and Spyware guards available.

Normally too, and particularly for business use, you will have a router connected to the Internet and your PCs and VoIP phones connected to it. You then have a further security feature, a hardware firewall that protects your internal network.

All wireless routers provide encrypted security - it just needs to be turned on! If these safeguards are used, you are perfectly safe from all but the most determined attack, and, please note, this has nothing to do with VoIP; it's just a fact of life if you use the Internet for anything at all.

Can Someone Make Calls & Get Them Billed to Me?

This can only happen if someone gets hold of your password and username and knows their way around your service or if you're using an unprotected hardware PBX (instead of our normal hosted services). They could then use whatever credit was in your account at the time. Just like if you lost your credit card and wrote your PIN on it.

But obviously you would notice very quickly if this was happening and the thief would only have access to the credit on your account, which is typically only a few pounds. (Voipfone also has a suite of security features, which limit any loss to these sorts of frauds).

The solution of course is not to allow anyone access to your username or password. Our Customer Support Representatives will never ask by email or anything else for your full password - so never disclose it under any circumstances.

And Finally

Hackers will attempt to get into these new services but they'll start where they can find the most lucrative or high profile challenge. If small businesses and individuals take normal sensible precautions there is no reason to believe that VoIP will create any new or increased threat.

Got a Question?

New technology can seem confusing at first, but don't worry, we are here to help!

Contact Customer Services

Got a Question?

You can speak to one of our Customer Service representatives by calling our dedicated Customer service line on 020 7043 5555 and we will be happy to answer any questions you have.

Configure Services

Log in to your online control panel to configure your services. With Voipfone's online control panel you can manage your account in real time, from your PC anywhere in the world.

Signup

You can try our service for FREE - without risk or commitment. Firstly, we'll give you a free incoming 056 telephone number so that people can call you from ordinary telephones.