Read an Excerpt

VoIP Security

DIGITAL PRESS

Chapter One

Have you ever thought to yourself "Why should we do this VoIP thing?" or "What value will voice over Internet provide my company?" or even "What is all this VoIP craze?" Simply put, Voice over Internet Protocol (VoIP) refers to the process of transporting voice communications over Internet Protocol (IP) networks like the Internet. VoIP is somewhat of a misleading term because it implies such a restricted focus on "voice." The term IP Telephony (IPTel) is more general. Telephony over IP (ToIP) describes the transport of real-time text over IP networks. It differs from instant messaging in that ToIP systems transmit bidirectionally one character at a time. This gives the user the feel of real-time communication, just like voice or video systems that transport streaming media over IP. ToIP is a term used to mean the transport of text over IP from a ToIP-enabled IP phone, PC-based client, or a legacy TTY device connected to a Public Switched Telephone Network (PSTN) gateway.

A TTY is also known as a Telecommunications Device for the Deaf (TDD). The TTY consists of a keyboard, which holds somewhere from 20 to 30 character keys, a display screen, and a modem. The letters that the TTY user types into the machine are turned into electrical signals that can travel over regular telephone lines. When the signals reach their destination (usually another TTY), they are converted back into letters, which appear on a display screen, are printed out on paper, or both. Some of the newer TTY devices are even equipped with answering machines. As good as TTY devices are, the innovation that comes from the use of the Internet for communications has far exceeded most expectations when the Internet came into being as a popular new media only a decade or so ago. Now, as with most technologies, VoIP has many potential benefits as well as obstacles that may be encountered. This chapter addresses both the benefits of and obstacles to VoIP.

1.1 Internet Telephony versus Telephony over the Internet

IP Telephony (IPTel) refers to the transport of voice, video, text, and other real-time media over IP networks. IPTel is considered to be a key technology that will provide advances in communication for end users and is expected to completely replace the PSTN over time. According to the International Telecommunication Union (ITU) Web site,[1] the die has been cast for the continued future of IPTel:

The Internet and IP-based networks are increasingly being used as alternatives to the public switched telephone network. Internet Telephony Service Providers (ITSPs) can provide voice and fax services which are close to becoming functionally equivalent to those provided by public telecommunication operators (PTOs). However, few ITSPs are licensed by national authorities and they generally do not have any universal service obligations. Many countries ban IP telephony completely, yet IP calls can be made to almost any telephone in the world. Many PTOs are establishing their own IP telephony services, and/or using IP-based networks as alternative transmission platforms. In the longer term, as more and more voice traffic becomes IP data traffic, there will be little to distinguish between IP telephony and circuit-switched telephony. However, many telecommunications regulatory schemes depend upon such a distinction, both physically and as a matter of policy and law. As these trends continue, the telecommunications framework will come under increasing pressure to adapt.

It is also inevitable that most governments of the world will wrestle with the use of IPTel and determine just how to turn these advances in technology into another form of revenue, for which ordinary users will undoubtably pay, that will be used to create even more forms of bureaucracies, whose specific purpose is to oversee and regulate what is now unregulated and untaxed. Until that time comes, however, the average Internet consumer/user will benefit greatly from such strides in technology.

1.2 The Value of VoIP: Return on Investment (ROI)

ROI is a major selling point for the use of VoIP. Why wouldn't it be? Some of the more attractive components of VoIP are large cost savings (especially in the area of long-distance telephone costs), new features, and converged networks. Bottom-line cost savings are fairly easy to quantify, whereas other VoIP benefits, such as productivity improvements, are more difficult to quantify in terms of ROI. As with most ROIs, there are both hard and soft benefits. Hard benefits are the easiest to sell to management, because they result from clearly defined, tangible cost savings. In contrast, soft benefits are called soft because they don't necessarily save real money, and they are usually harder to quantify from a business perspective. For example, stating that use of XYZ technology will increase productivity because of some inane reason or another is a soft benefit. Clearly, trying to measure productivity increases can become convoluted and subject to interpretation. The inane reason may or may not be something all staff members agree on—the very nature of disagreement that could (and usually does) exist causes this to be considered a soft benefit. Therefore, most organizations focus solely on the hard cost savings, but it is always important to clearly differentiate between hard and soft benefits to improve the credibility of the business case with financial decision makers. The company will not care if it is saving five cents per minute on VoIP calls if their sales productivity is decreasing because of poor-quality or dropped calls.

1.2.1 Getting the Most from VoIP: Cost Savings

The cost of VoIP implementation expenses are an important factor in making IT spending decisions. VoIP implementations can require a significant amount of new equipment and often also require significant infrastructure upgrades. In order to reduce the initial capital outlay necessary for implementing VoIP, many vendor companies are now offering equipment-leasing plans to spread the expense over several years or staging the VoIP deployment gradually as a means of easing the cost burdens. As with any new technology that is introduced into the corporate environment, the ROI scenario may vary across many different site locations. The unique deployment scenarios required for each site usually mean that the cost savings are likely to occur in several business areas, each area seeing individual impact on capital costs, expenses, and user productivity. A successful VoIP implementation will recognize these differences and use them to guide the strategy for inserting VoIP into existing infrastructures. A successful VoIP implementation will be designed as a long-term investment that will provide returns in capital and productivity savings, and help avoid additional security risks.

1.2.2 Capital and Expense Savings

VoIP may be an infrastructure that is already paid for if you own the IP network or are already paying an Internet Service Provider (ISP) for bandwidth. Because long-distance telephone calls are typically a major line item in an organization's budget, the use of VoIP can result in significant capital and expense savings over a PSTN. VoIP users only incur the cost of using the network, in contrast to PSTN users, whose long-distance costs can vary depending on the distance called (location of caller and callee) and the time at which the call occurs.

Centralized call-processing architectures are available from several VoIP manufacturers and can reduce equipment, maintenance, and support costs. These architectures also enable organizations to standardize the voice services that they deliver to their employees. A centralized team can now manage the entire organization's voice services from a single site, rather than requiring internal or outsourced resources to manage each Private Branch Exchange (PBX) or key system.

The use of VoIP can also result in a reduced incremental cost of network ownership. The nearly unlimited capacity of most corporate LANs will allow a new VoIP user to be added at a reduced per-user cost. A VoIPenabled data network also enables the easy and inexpensive addition of new corporate office networks, which also reduces the expense of incremental costs.

Because of the PSTN toll rate structure, companies with a large number of international sites may find the long-distance phone call cost savings from toll bypass attractive. Bypassing the PSTN and making telephone calls on an IP network is referred to as toll bypass. This occurs when a PBX or an IP PBX is connected to a VoIP gateway, which is then connected to an IP network. Instead of going from the PBX to a PSTN switch, the call traffic goes from the PBX to the VoIP gateway, avoiding the toll or cost of using the PSTN for long-distance calls. In most cases, the long-distance costs associated with PSTN usage should decrease after a VoIP implementation. Some companies may want to keep the PSTN as a fallback network. Many organizations will not convert to VoIP completely or all at once because of disaster recovery and business continuity concerns during the migration phase and proceed in staged implementations.

Rather than absorbing the costs of buying or leasing a PBX and network infrastructure for PSTN calls in addition to an IP network, both voice and data can run on one network, resulting in savings that provide a lower total cost of network ownership for VoIP. Single networks are also easier to expand and change, reduce the wiring costs required for two networks, and can easily incorporate wireless infrastructures.

1.2.3 Productivity Savings

VoIP implementations can also result in quantifiable savings in several areas, including the following:

* Management and support savings

* Enhanced mobility

* Reduced site preparation time

In some cases, infrastructure convergence through the use of VoIP will make it possible to reduce the internal staff required to support and manage the two separate infrastructures. As discussed later in this section, this savings must be balanced with the cost for training, because the management of a converged network requires consolidating existing infrastructure and, in some cases, learning new skills. For example, IT personnel will need to learn telecom skills, and telecom personnel will need to learn data-networking skills.

VoIP offers enhanced mobility, which can allow many organizations to institute more flexible work environments and reduce facilities and real estate costs while increasing employee productivity and morale. This capability allows individuals to log in to any phone within the organization and still have their extension number and any applications or services they use available to them, even though they are away from their desks. For many organizations, this new capability can result in significant cost savings and even revenue growth through increased productivity.

(Continues...)

---

Excerpted from VoIP Security by James F. Ransome John W. Rittinghouse Copyright © 2005 by James F. Ransome and John W. Rittinghouse. Excerpted by permission of DIGITAL PRESS. All rights reserved. No part of this excerpt may be reproduced or reprinted without permission in writing from the publisher.
Excerpts are provided by Dial-A-Book Inc. solely for the personal use of visitors to this web site.

---