Page 865 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 865

Secure Voice Communications


               The vulnerability of voice communication is tangentially related to
               information technology (IT) system security. However, as voice
               communication solutions move on to the network by employing digital

               devices and VoIP, securing voice communications becomes an
               increasingly important issue. When voice communications occur over
               the IT infrastructure, it is important to implement mechanisms to
               provide for authentication and integrity. Confidentiality should be
               maintained by employing an encryption service or protocol to protect

               the voice communications while in transit.
               Normal private branch exchange (PBX) or POTS/public switched

               telephone network (PSTN) voice communications are vulnerable to
               interception, eavesdropping, tapping, and other exploitations. Often,
               physical security is required to maintain control over voice
               communications within the confines of your organization’s physical
               locations. Security of voice communications outside your organization

               is typically the responsibility of the phone company from which you
               lease services. If voice communication vulnerabilities are an important
               issue for sustaining your security policy, you should deploy an
               encrypted communication mechanism and use it exclusively.


               Voice over Internet Protocol (VoIP)


               VoIP is a technology that encapsulates audio into IP packets to
               support telephone calls over TCP/IP network connections. VoIP has
               become a popular and inexpensive telephony solution for companies
               and individuals worldwide.

               It is important to keep security in mind when selecting a VoIP solution
               to ensure that it provides the privacy and security you expect. Some
               VoIP systems are essentially plain-form communications that are

               easily intercepted and eavesdropped; others are highly encrypted, and
               any attempt to interfere or wiretap is deterred and thwarted.

               VoIP is not without its problems. Hackers can wage a wide range of
               potential attacks against a VoIP solution:
   860   861   862   863   864   865   866   867   868   869   870