NIST suggests VoIP caution

Links Special Publication 800-58

IP telephony, or voice over IP, poses significant security problems that are challenges at the moment but will become easier eventually, security experts at the National Institute of Standards and Technology say in a draft report released this month.

The authors of the new report say it could be several years before the uncertainty about competing standards is resolved and VoIP systems become mainstream. In the meantime, federal agencies should be careful to acquire the right hardware and software for making their VoIP systems secure.

The authors, Richard Kuhn, Thomas Walsh and Steffen Fries, warn that attempting to integrate VoIP into an already congested data network "could be disastrous for an organization's technology infrastructure."

Because it is unknown which signaling protocol will emerge as a winner in the marketplace, federal agency officials interested in VoIP should buy gateways and other network devices that support both the H.323 protocol and the Session Initiation Protocol, or SIP.

Agency officials must also weigh VoIP security considerations when they select a virtual private network. The NIST document discusses in detail the pluses and minuses of end-to-end VPNs versus firewall-based VPNs.

Security measures can cause numerous complications in VoIP applications, not least of which are firewall-induced delays in setting up calls or encryption-produced latency, the report says.

Another source of complication is the common use of Network Address Translation, a security technique that permits several computers within a local-area network to share an IP address. NAT creates a situation analogous to a telephone network in which several phones have the same telephone number.

Readers can comment on the Special Publication 800-58 draft until June 18 by submitting their suggestions to Rick Kuhn at [email protected]

Featured

  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected