| 
APEC LogoAPEC TEL WG LogoVoIP Security

General VoIP Questions

Will VoIP offer any significant benefits over my landline PSTN network?

There are many benefits to VoIP networks, though there are also some tradeoffs. Some potential benefits include higher scalability, mobility and being future ready. To learn more about the differences between VoIP systems and PSTN networks including both positives and negatives, see Differences between VoIP and traditional telephony services.

What’s the difference between software-based VoIP solutions (e.g. Skype) and other VoIP solutions?

VoIP solutions are widely varied. For the home user, software-based VoIP or use of a Voice Box solution may be adequate for their needs. Most businesses will opt for a complete vendor VoIP telephony deployment as they offer the most functionality and scalability. Make the right decision by learning what the differences are between available VoIP solutions. See Types of VoIP Solutions and Selecting your VoIP solution.

Can VoIP be used to replace my cell / mobile telephone?

Mobile VoIP does exist, however in 2008 it is still in its infancy, and offered by a limited number of service providers. Currently, most users would find the service inadequate to completely replace their cell / mobile telephone. Learn more about VoIP mobility in Differences between VoIP and traditional telephony services and Selecting your VoIP Solution

VoIP Security Questions

Is VoIP secure?

The protection that VoIP offers for the privacy of calls varies depending on how the VoIP system is implemented and on the environment that the system is integrated into. VoIP can be secured to similar or stronger levels of security than PSTN networks. For further background on VoIP and the security offered of the service, see Section X: VoIP Security Primer, Page X.

How strong is the privacy in VoIP?

VoIP privacy can be close to or equivalent to that of PSTN networks, though requires some additional security measures to bring it to this level. For further background on some of the privacy and confidentiality issues in VoIP, see Section x: VoIP Threats: Confidentiality, Page X.

Are there any fraud or theft risks with VoIP?

Fraud and theft risks do exist in VoIP, as with any communication protocol or network. However controls can be implemented to minimise this security risk. See Section x: VoIP Threats: Integrity, Page X.

Does VoIP have any reliability issues compared to traditional telephony?

VoIP operates via a significantly different transport method to that of traditional telephony, and is a relatively young technology (circa 20 years) when compared to traditional telephony (over 100 years). As a result of these two factors, VoIP suffers from a number of availability issues. These include issues from network congestion, power availability and malicious disruption of services. To learn more about these, see Section X: VoIP Threats: Availability, Page X.

At a technical level, what are the security risks involved with a VoIP implementation?

There are many security attacks which can potentially jeapordise the confidentiality, integrity or availability of VoIP services. Some of these include eavesdropping, message alteration and theft of service. For more information on the technical aspects of security risks in VoIP see Section X: VoIP Security Threats in Detail.

How can I secure my VoIP implementation?

Securing a VoIP implementation requires careful consideration and customisation to ensure that the controls put in place best cater for each organisation’s infrastructure, policies and risk tolerance. Some of the available security measures include implementing a VPN, firewall and encrypting traffic. For more information on security measures, see Section X: Protecting your VoIP System.

How can I secure my workstation, and what are some general security measures I should be aware of?

There are a number of standard practices that should be followed when connecting to the Internet, regardless of use of VoIP or not. For information and basic recommendations on these standard practices, see Section X: Computer Security Essentials.