VoIP (voice-over-IP) phone systems enable calls to be placed over the internet – either long-distance or local for a fraction of the cost of traditional phone systems. However, VoIP networks that are not hosted within secure networking environments can have specific security drawbacks.
What’s the difference between premise-based and hosted solutions?
Premise-based VoIP systems “live” on site, typically in a server closet. Depending on the type of equipment you choose, a premise-based solution can be cheap. But it’s easy to overlook factors such as scalability, existing infrastructure and ongoing technical support. If you plan on expanding rapidly over the next 12 to 18 months, you are going to need connectivity to back it. Otherwise, you won’t be able to successfully handle the spike in traffic.
Furthermore, business owners may underestimate their technical ability to secure, manage and maintain a premise-based solution. This is where trying to save a buck comes back to haunt you; you may soon be looking to hire an experienced IT person to maintain the system you bought on the cheap. Or you could go another way entirely by choosing a hosted VoIP solution.
Not only does hosted VoIP require no ongoing maintenance and offer simple scalability, hosting – which places VoIP servers in a secure, redundant facility known as a data center – is better from a connectivity standpoint.
Callers have the consistent connectivity they need to stay connected 24/7/365. Technical support is generally maintained by the hosting provider, so if your server needs a reboot or experiences a spike in traffic, on site staff can scale up your bandwidth accordingly while keeping a watchful eye on server performance.
What do these differences mean for security?
Security is the main concern for many VoIP hosting providers. VoIP servers are susceptible to malicious attack, as any other computers or servers are. Whether you choose a hosted or premise-based VoIP solution, be aware of the following security risks:
- Fraud: Attackers gain access to a network, only to siphon off minutes or steal service at others’ expense. If proper encryption methods are not used to authenticate users on a network, hackers can steal user information by:
- eavesdropping – a simple act where attackers listen in to steal precious information like credit card numbers, voicemails or passwords.
- phishing – a classic internet trick. Thieves pose as someone else, asking for your credentials to clear up some non-existent problem. If they trick you into believing they are legitimate, they win and you lose.
- spreading viruses – VoIP software systems can be targeted by malware or viruses. Alternatively, attackers may use a DDoS (distributed denial of service) attack, flooding the VoIP server with requests until it becomes unresponsive.
- Call Tampering: In this instance, attackers intercept calls in transit. They can then tamper with the call, sending noisy packet data or injecting the line with long periods of silence or “white noise”.
- Middleman Attacks: The process of redirecting a call to a different server on a network. In this scenario, attackers may tamper with the call even further by injecting malware or spyware.
- Spoofing: An attacker who has illegally acquired network credentials may display a fake number on a caller ID when placing calls, disguising them accordingly.
- Unregistered Hardware: VoIP software and hardware need to be registered so they can be traced to authorized users. If a device hasn’t been registered, attackers can attempt to log in remotely and use it fraudulently.
How can you decrease your security risk?
VoIP calling is a great way to field a high volume of calls without breaking the bank. However, many overlook the ways in which VoIP calls may be intercepted or tampered with.
To head off threats, consider using a hosted VoIP option like RingCentral Office. Transmitting calls through a secure hosting facility greatly decreases the risk of malicious attack.
In addition, inquire about security before you enter into a service agreement with a hosting provider. They should be willing to outline their security practices.
Ultimately, hosting providers will go to great lengths to provide secure VoIP service. With premise-based systems, however, security is on you.
Originally published Nov 12, 2013, updated Aug 11, 2020