The Great VoIP Rush

Consumers are flocking to VoIP like prospectors to the hills—ready or not.

Before you deploy VoIP, make sure you are working closely with your IT and information security staffs to ensure that it is done right the first time.

The following example illustrates the reality shift you need to deal with before going VoIP. Today, if you're working at your desktop and you notice your network connection has suddenly closed, you sigh in frustration and pick up the phone to call the help desk. You find out that the help desk is aware of the problem and is estimating at least a 20-minute outage as they evaluate the problem and determine what is necessary to resolve it. You then call a coworker to discuss a couple of ideas for a particular project while you wait for the network to come back. But wait…

In a VoIP environment, which is running on the network, you may not be able to make that call, nor can you make a sales call, nor can you call home to let your spouse know you will be a few minutes late coming home, nor, for that matter, can you call the help desk. Obviously the particulars of these problems will depend upon individual situations, but the fact is that your telephony is now dependent upon network availability. Imagine that you have a medical emergency in the building at the same time. You may not be able to call 9-1-1—at least not from a desk phone.


Information Security Issues

VoIP uses TCP/IP both within your network and over the Internet, and that brings with it a whole raft of information security issues. The first thing to understand is that all of the information security exposures, controls, management issues, network vulnerabilities and challenges that already exist in the network and the Internet will become issues for VoIP. If you are not aware of these issues, then now is an excellent time to get to know your IT folks.

There are a number of recent articles and studies describing VoIP security problems. For example, Germany 's Federal Office for Security in Information Technology released a report in October that listed 19 varieties of attacks on VoIP systems that could lead to identity theft, data manipulation and transmission errors. Hackers have also discovered a means to manipulate the cost codes used to bill for phone calls, “zeroing out” the codes to eliminate legitimate call charges.

Bandwidth. One of the first challenges you will need to plan for is network bandwidth. Your available bandwidth may limit how you can deploy VoIP. A bandwidth analysis and test will be useful in determining the real costs and issues prior to an implementation. If the pipe is simply not big enough, your VoIP may have significant performance issues. There are a number of measurements that you may want to become familiar with before you complete that analysis.

Latency . With VoIP, when you talk into the phone, the conversation is broken into packets. The packets arrive at the other end of the connection and are reassembled so that the recipient hears the conversation. Latency is the time it takes for the packets to get from the source to the destination. Most users expect a phone delay of about 150 ms, because that's what they have grown to expect from telephone systems. Obviously, if your network bandwidth cannot deliver latency in the neighborhood of 150 ms, then you will have users complaining about how slow the system is. There are many things that can impact latency. Unfortunately, many security controls, such as encryption of sensitive conversations, can slow things down. The frequent result is that security controls are sacrificed for higher throughput.

Jitter. Jitter is manifested when packets have different latencies. If the packets don't travel at the same speed, then the reassembly of the packets becomes problematic and the person listening on the other end hears the effect of that problem. In addition to jitter, you can experience packet loss, where some packets simply don't make it to the other end, or arrive too late to be included in the traffic. Again, the quality of the call suffers.