news / tech talk

VOIP Data Connections

by Lee LeClair
03/10/2008
As seen in Inside Tucson Business

If your office is considering an update of its telephony structure, you may find yourself considering technologies like Voice Over IP (VOIP), Video Teleconference Over IP (VTCOIP), Skype, GoogleTalk, etc. As you consider the pros and cons of these technologies, do not forget to consider the aspects of security and performance.

The primary telephony structure is still switched virtual circuits provided by the telephone companies; these provide a virtual dedicated circuit from your phone to the one you are calling, typically with about a 64kKHz bandwidth circuit in the US. It provides high quality low latency performance through the use of circuits that are dedicated once they are established when you make the call. This technology has been with us for decades though like everything else it has improved with time (most circuits are digital now where they were once analog).

A security benefit of this technology is that it is largely purpose-built and has been traditionally separate from data networks. Your telephone instrument is not a very smart device and you don’t store data on it so there is not much point in trying to crack into it. Phone phreaking is a time-honored tradition but the intent of it was usually to be able to make free phone calls. Tapping telephone lines typically required getting physical access at the telephone or to the lines nearby; a risky business.

In contrast, data networks were designed for data packets and “bursty” traffic profiles that could operate with delays and latency. Most data traffic does not require near-zero latency; if your email takes a few seconds or minutes to get to its destination, it’s no big deal. However, the need for separate sets of cables, wall outlets, and equipment dedicated to your computers and telephones became a target for cost savings and consolidation when voice capabilities were demonstrated on data networks. Higher bandwidth networks and the ability to use Quality of Service for data prioritization in networks alleviated some pressure on latency and voice quality while the ability to use a single set of cables and switching equipment for both voice and data was attractive. However, there are some serious security issues to consider.

A converged network means that there must be a path for voice traffic on your data network and that means that path could be subverted for data compromise. Recording voice conversations is simpler if you can capture the data packets on the network just like any other data packet can be captured. Finally, the popularity of softphones (telephones in software that reside on PCs) along make for significantly more tempting targets since they operate on the PC that your data resides on. From a reliability view, softphones are dependent on PCs and operating systems – items that are inherently less stable than dedicated hardware telephone instruments. Also, some software “telephones” like Skype are really software applications that use creative methods to get around firewalls between calling parties. It’s a new world out there and only time will tell how well these technologies will work and how secure they are.

If you can, logically separate your voice network from your data network with VLANs so you have both a performance boost and greater security. Be careful, plan well, makes changes in increments, and monitor your progress and you should be alright.

Lee Le Clair is the CTO at Ephibian. His Tech Talk column appears the third week of each month in Inside Tucson Business