Tuesday, January 3, 2012

VoIP eavesdropping: Hardening network security to contain VoIP risks


Every organization considering a Voice over Internet Protocol (VoIP) telephone system deployment hears the same dire warnings: “Routing voice calls over a data network exposes calls to eavesdropping.”

While it’s certainly true that any telephone call carries a certain degree of eavesdropping risk, is it true that VoIP calls have an inherently higher degree of risk? In this tip, we explore the ins and outs of VoIP eavesdropping.

VoIP eavesdropping is possible First, it’s important to be clear about one thing: It is absolutely possible to eavesdrop on a VoIP telephone call. It’s also possible to eavesdrop on a telephone call placed using the traditional public switched telephone network (PSTN). The difference lies in the tools and skill set needed to conduct the eavesdropping.

On a traditional telephone network, someone seeking to eavesdrop on a call generally must have physical access to either the telephone or telephone cable, at least at the initiation of the attack. This type of attack is typical in the movies. Whether it’s the good guys or the bad guys conducting the eavesdropping, someone gains access to either a telephone handset or the telephone network interface box -- sometimes located outside a home or office -- places a wiretap listening device on the box, and then monitors calls on an ongoing basis.


No comments: