About.com Rating

The Bottom Line

Organizations are, almost universally, jumping onto the VoIP bandwagon. Like most hot new technologies though, security is a primer consideration that seems to be forgotten about until after the fact. Thermos and Takanen do an excellent job of illustrating the weaknesses of VoIP and demonstrating why you should be concerned about securing your VoIP communications. Then, they go on to explain how you can create a secure VoIP network, including architecture diagrams you can use for internal, or outsourced VoIP projects.



Pros

• Eye-opening descriptions of VoIP attacks
• Solid coverage of security of VoIP protocols
• Very useful architecture and engineering diagrams

Cons

• Difficult to identify countermeasures for the attacks demonstrated

Description

• Peter Thermos is CTO of Palindrome Technologies, a provider of information security consulting services
• Ari Takanen is founder and CTO of Codenomicon, a spinoff of the PROTOS test tools research of Oulu University
• The 384 page book was published August, 2007 by Addison-Wesley Professional publishing

Guide Review - Securing VoIP Networks

There are many benefits to VoIP and IP-based communications. However, relying on your network infrastructure to transport your telephone communications renders your telecommunications vulnerable to virtually all of the same issues and threats as your network. On top of that, there are also unique attack vectors introduced by VoIP. As organizations race to deploy VoIP and experience the benefits, most would probably benefit from slowing down to consider the security implications and develop appropriate controls to protect their communications.

In Security VoIP Networks: Threats, Vulnerabilities, and Countermeasures, authors Peter Thermos and Ari Takanen do a superb job of illustrating the insecurities of VoIP. Not to suggest that it is just so inherently insecure that it should never be used, but C-level execs, and IT managers and administrators should be familiar with the information in this book before moving forward to deploy VoIP.

Chapter 2, 'VoIP Architecture and Protocols', provides a solid foundation on the basic components and technologies that make up VoIP. It is the next couple chapters that are the most valuable though. In 'VoIP Vulnerabilities', and 'Threats and Attacks', Thermos and Takanen demonstrate the weaknesses of VoIP and the simplicity with which VoIP communications can be disrupted or intercepted if not set up properly.

Chapters 5 - 8 analyze different security controls and protection mechanisms. One issue I had was that it was difficult to draw a one-to-one correlation and find the security countermeasures to defend against attacks identified earlier. The information is solid though.

The book wraps up by providing a look at what a VoIP security framework should entail, and architecture diagrams to help you create and deploy a secure VoIP solution.