When you speak on the phone, it’s natural to believe that it’s a private conversation between you and the person on the other end of the line. However, do you know what mechanisms are employed to deliver this confidentiality? And how confident can you truly be in these security measures?
Lately there have been a lot of concerns about privacy when it comes to the texts and phone calls we send. Not all messenger and phone apps are created equal. Many make it very easy for the contents of text messages and phone calls to be intercepted and hijacked. In addition to that, many are easy for other agencies to breach your right to privacy without any notice or reason.
Now for the most part, that last one is not an issue unless you’re up to something nefarious, which we’ll assume you’re not. However, when it comes to using their phones, most people would like to know that their messages, are secure and not privy to prying eyes.
The issue with texting and phone apps is that not all provide end-to-end encryption, which leaves your messages and phone calls vulnerable to being intercepted by people you had no intention of sending it to.
Anatomy of a VoIP telephone call
To understand how VoIP security works, we must first understand how VoIP conversations are implemented. Unlike data communications, which consist of single streams of data moving from source to destination, VoIP communication consists of two distinct communication streams that work together for each call.
Signaling
The first form of communication is the exchange of signaling information, which is the communication between IP phones, VoIP apps, desktop VoIP endpoints, voice gateways and IP PBXs. This signaling data deals with the initiation, maintenance and teardown of the telephone connection itself.
Signaling allows these devices to perform all the functions they were designed to perform, including making a phone ring and routing a call to the appropriate device using the touch-tone dial pad. It also enables devices to execute features such as call display, call transfer, call waiting, call hold and many others.
Voice
The second vital component of a VoIP telephone call is the stream of data that carries the actual voice packets. When you speak, a VoIP endpoint digitizes your voice and sends the packets containing your voice information to the recipient’s VoIP endpoint, where it is reconstructed and reproduced.
Once the signaling establishes a simple VoIP call, voice packets are exchanged directly between the VoIP endpoints themselves.
Employing VoIP security
Fortunately, it is relatively difficult to attack VoIP even if you don’t configure any security. That said, the risks are there, so it makes sense to take precautions that can thwart even the most tenacious attacker from disrupting your VoIP communication.
The practicality of implementation and alternatives
In most cases, employing Secure SIP, SRTP, and SRTCP on your VoIP services does not require you to do any coding or complex configurations. The VoIP services that you use as a business, whether cloud-based, server-based, or appliance-based, may inherently include them in their implementations.
Alternatively, they may give you the option of enabling them whenever needed, usually via a checkbox or an option within a control panel. Ask your VoIP provider about these protocols, whether they support them and how you can enable them.
Some alternatives to these protocols include the use of a firewall or session border controller (SBC) to protect the internal enterprise network from external attacks. However, while this is effective, it cannot protect from attacks initiated from inside the enterprise network or aid in protecting remote workers.
Conclusion
Most VoIP providers deliver services that are already airtight in terms of security. However, it is important to do due diligence and ask the right questions to ensure that you are as safe as you can be, including verifying that all security features that can be enabled are turned on. Knowing how VoIP security works will make you that much more effective when negotiating with your VoIP provider.
Other tips safety measures can be to research apps before you download. Look at how many people have downloaded the app, read what they have said about it, and determine who created it. In some cases, an app may replicate features that are available through a service’s website. If that is the case, you may want to consider accessing the service through your smartphone’s web browser. Look for a privacy policy. If the app store or download screen doesn’t show it, usually the app’s website will.
