How To Use Computer Phones and VoIP Safely

[RaGa_Muffin]

RaGa's Guide To Safe VoIPing

The technology of using your internet connection to make telephone calls has been around for sometime - I use it loads for chatting to friends and family. I even purchased a Verball for my little sister
You've probably seen the internet phones in Tescos and maybe you have wondered what they are about or how you can use them? VoIP is becoming the major communication tool across the globe offering free calls from your computer to anywhere in the world. The most popular way of using a VoIP phone is by signing up for a Skype account. It's free and allows you to get in touch with friends and family using your computer phone. Using VoIP is very simple and there is no reason why you should not embrace this technology and stop paying for overpriced telephone calls from your local phone company!

However, it's worth talking about some of the potential problems and dangers of using a VoIP phone. This is not mean't to frighten you or put you off using an internet phone but as with all things related to surfing the web it pays to know about potential security problems. You might want to read this before using your PC for making business calls and for conversations you'd rather keep private.

Did you know that over 90% of computer phones (VoIP) are not secure because they use a public known codex (publicly known encryption of sound packets) and a publicly known protocol to transport voice conversations. Users of these type of services are unknowingly exposing themselves to anyone who wants to listen in or access their confidential information. In addition, because of the public nature of the system, the user's computer is vulnerable and can result in a costly computer crash and total loss of all information.

There are five areas to address when checking for Security when looking for a VoIP Service Provider. Here's how a VoIP Service should protect your security, whether on dial-up, wireless, satellite, or cable connections.

1. Call Security: A VoIP service's audio (your voice) should compress your voice into proprietary encryption packets to travel across the internet, and return back to voice at destination. That particular VoIP service should host proprietary software, and as such, the only one that can interpret the voice and data contained in those packets.

2. Computer Phone Identity: When your first download and install a VoIP provider's computer phone, a confidential phone number and password should be given to protect against unauthorized installation.

To protect against unauthorized installation, your computer phone's setup process should combine the phone name and hardware data from the PC on which it was installed to create a unique ID string known only to that VoIP's own server. Because of the association between the unique ID with that particular PC, it prevents one person from reconfiguring their VoIP service's computer phone to spoof another. It also prevents someone from copying that VoIP service's software to another PC and then using it without having gone through the password-protected installation process.

3. Client Server Model: The VoIP service should follow a client-server model. The client is the softphone offered by a particular VoIP service. That particular VoIP service's Server should be behind a highly secure proprietary firewall hosted in a professional facility. Any information shared should therefore only be between the client and server of that particular VoIP service. This means, that unlike some peer-to-peer solutions, private information about "buddy" lists or call patterns, etc., remains entirely confidential.

4. Softphone Setup: Firewalls vary widely and each network configuration may be quite different. When a VoIP service's softphone first initializes, it discovers its ability to reach that VoIP's service server, as well as a variety of ports and protocols for placing calls, depending on the results of its discovery. In a strict environment, the VoIP service's softphone uses the same path the proprietary firewall already permits for web browsing (typically TCP ports 80 and 443). This allows users to make calls from anywhere without compromising or reconfiguring their own firewalls.

The VoIP service's softphone should be able to initiate conversations with that VoIP service's server and keep the server updated as to its status. By doing this, no public IP address needs to be setup for the PC running the computer phone. It also enables user flexibility without concern about security or privacy when moving from network to network. The VoIP service's computer phone should be compatible with Network Address Translation (NAT) and Port Address Translation (PAT), and the kind of dynamic addressing that is found in wireless "hotspots", hotel internet access, and dial-up.

5. Monitoring Capability: A strong security model should include an auditing mechanism to monitor usage and activity. This means that each computer phone should include its own usage log, enabling users to look through their own personal history of inbound, outbound, and missed calls. In addition, the VoIP service's website should provide users the ability to view all individual phone call charges using the already set up confidential number and password.

[DanDaMan]

Interesting stuff. I presume Skype ticks all these boxes?

[maiko03]

Great info there, I would have never even thought twice about possible problems and dangers of VoIP.