NIST suggests VoIP caution

Links Special Publication 800-58

IP telephony, or voice over IP, poses significant security problems that are challenges at the moment but will become easier eventually, security experts at the National Institute of Standards and Technology say in a draft report released this month.

The authors of the new report say it could be several years before the uncertainty about competing standards is resolved and VoIP systems become mainstream. In the meantime, federal agencies should be careful to acquire the right hardware and software for making their VoIP systems secure.

The authors, Richard Kuhn, Thomas Walsh and Steffen Fries, warn that attempting to integrate VoIP into an already congested data network "could be disastrous for an organization's technology infrastructure."

Because it is unknown which signaling protocol will emerge as a winner in the marketplace, federal agency officials interested in VoIP should buy gateways and other network devices that support both the H.323 protocol and the Session Initiation Protocol, or SIP.

Agency officials must also weigh VoIP security considerations when they select a virtual private network. The NIST document discusses in detail the pluses and minuses of end-to-end VPNs versus firewall-based VPNs.

Security measures can cause numerous complications in VoIP applications, not least of which are firewall-induced delays in setting up calls or encryption-produced latency, the report says.

Another source of complication is the common use of Network Address Translation, a security technique that permits several computers within a local-area network to share an IP address. NAT creates a situation analogous to a telephone network in which several phones have the same telephone number.

Readers can comment on the Special Publication 800-58 draft until June 18 by submitting their suggestions to Rick Kuhn at sp800-58@nist.gov.

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.