NIST suggests VoIP caution

Links Special Publication 800-58

IP telephony, or voice over IP, poses significant security problems that are challenges at the moment but will become easier eventually, security experts at the National Institute of Standards and Technology say in a draft report released this month.

The authors of the new report say it could be several years before the uncertainty about competing standards is resolved and VoIP systems become mainstream. In the meantime, federal agencies should be careful to acquire the right hardware and software for making their VoIP systems secure.

The authors, Richard Kuhn, Thomas Walsh and Steffen Fries, warn that attempting to integrate VoIP into an already congested data network "could be disastrous for an organization's technology infrastructure."

Because it is unknown which signaling protocol will emerge as a winner in the marketplace, federal agency officials interested in VoIP should buy gateways and other network devices that support both the H.323 protocol and the Session Initiation Protocol, or SIP.

Agency officials must also weigh VoIP security considerations when they select a virtual private network. The NIST document discusses in detail the pluses and minuses of end-to-end VPNs versus firewall-based VPNs.

Security measures can cause numerous complications in VoIP applications, not least of which are firewall-induced delays in setting up calls or encryption-produced latency, the report says.

Another source of complication is the common use of Network Address Translation, a security technique that permits several computers within a local-area network to share an IP address. NAT creates a situation analogous to a telephone network in which several phones have the same telephone number.

Readers can comment on the Special Publication 800-58 draft until June 18 by submitting their suggestions to Rick Kuhn at sp800-58@nist.gov.

Featured

  • Management
    people standing on keyboard (Who is Danny/Shutterstock.com)

    OPM-GSA merger plan detailed in legislative proposal

    The White House is proposing legislation for a dramatic overhaul of human resources inside government and wants $50 million to execute the plan.

  • Cloud
    cloud applications (chanpipat/Shutterstock.com)

    GSA plans civilian DEOS counterpart

    GSA is developing a cloud email and enterprise services contract inspired by the single-source vehicle the Department of Defense devised for back-office software.

  • Defense
    software (whiteMocca/Shutterstock.com)

    DOD looks to unify software spending for 2020

    Defense Department acquisition head, Ellen Lord, hopes to simplify software buying and improve business systems following the release of the Defense Innovation Board's final software acquisition study.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.