Separate Your Traffic

When a virus hit the network at Worcester Polytechnic Institute (WPI) in 2004, the university's VoIP-enabled phone system didn't suffer. That's because Tom Lynch, vice president of IT and CIO, and Sean O'Connor, director of network operations and security, understood that security planning was key to maintaining a reliable VoIP network. O'Connor and Lynch have spent the past year testing a Nortel VoIP system that will allow students and faculty studying abroad to communicate with the school via their laptops. The school is also migrating part of its on-campus phone network to VoIP, although for the moment it plans to maintain a hybrid system that will combine the new technology with the old by integrating the VoIP services into the college's legacy Nortel PBX.

In addition to putting up multiple application firewalls, O'Connor and Lynch set up a virtual LAN for voice traffic to help protect it from viruses that could hit the data network. So when that virus hit the campus last year, it never made it onto the VoIP system. "The key is to separate the voice traffic from everyday Internet traffic," says O'Connor. A virtual LAN (VLAN) can protect voice traffic by setting aside a certain amount of bandwidth and separating voice and data by creating "logical barriers".

Bill Ashton, director of IT for the town of Herndon, Virginia, feels comfortable with his recently installed VoIP systems in part because he too has VLANs. Ashton recently moved six town facilities and 160 employees to VoIP telephones and plans to roll out VoIP service to the town's public safety department this northern summer. However, 911 (the US equivalent of 000) calls in Herndon will remain on analogue lines to keep the call centre infrastructure consistent countywide. Public safety officials have expressed concern that calls via a VoIP line may not always reach 911, and that 911 dispatchers cannot trace the location of people calling on VoIP. In early June, the US Federal Communications Commission issued rules that will require VoIP service providers to warn consumers their calls may have trouble reaching a 911 operator.

Emergency services aside, Ashton says he believes VoIP is safe if installed with care. "There will be hacker attacks down the road, so it pays not to cut corners," he says. "If there is one thing I could get fired for, it would be if The Washington Post reported that our public safety system has problems."

VLANs, firewalls and gateways can keep intruders out of the VoIP system, but they don't protect against internal hackers. To add another layer of security to a VoIP system, users should encrypt the "packets" just as they do with data networks. Encryption is important regardless of the protocol being used. (The two main protocols are Session Initiation Protocol, or SIP, and H.323.)

Many VoIP experts now believe that SIP is gaining momentum as the industry searches for common standards. In its basic form, however, SIP traffic is "clear text", which means that voice traffic is vulnerable to "packet sniffers" looking for caller IDs or passwords. According to Chris Rouland, CTO at security firm Internet Security Systems, it's as easy to intercept unencrypted VoIP calls as it is to use an iPod. By downloading software off the Internet, hackers can intercept calls "with a simple click", he says. In order to protect caller IDs, phone addresses and account information, VoIP users need to encrypt SIP traffic.

Even so, VoIP observers say, encryption isn't yet standard practice. "There's a lot of unencrypted VoIP traffic out there," says Good Harbour's Cressey. That's largely because encryption can be cumbersome and expensive. At Kirkland & Ellis, Novak says he spent three months working out encryption-related problems that affected VoIP call quality. In addition to extensive testing and tuning, he is now using a suite of monitoring tools that sample the VoIP network every 30 seconds and alert him if quality has dropped off.

Calculate Your Risk

For O'Connor and Lynch at WPI, migrating to VoIP involves careful calculation of how much risk they are willing to take. For example, while they are comfortable with the idea of administrators, instructors and students using VoIP for basic phone service, they have decided not to include campus security phones on the network. "We are leaving all security phones and kiosks on the copper systems, which have a higher level of reliability," says O'Connor.

O'Connor and other early VoIP adopters say with the current state of VoIP technology, organizations need to decide early which security risks are not worth taking. These may include phones for security and emergency services. "Essential telephone services, unless carefully planned, deployed and maintained, will be at greater risk if based on VoIP," according to the NIST report.

At WPI, O'Connor and Lynch are experimenting with "soft phones" (ordinary PCs with headsets and special software configured to make VoIP calls) for students and faculty who are studying abroad and need to communicate with the school from areas such as Namibia and Thailand. Soft phones offer a way to keep in touch from remote places at lower costs. In a recent test of the soft phones, in which the students and faculty at a facility in Australia made calls over their laptops, O'Connor says he was pleasantly surprised by the quality of service.