Telephony – CompTIA Security+ SY0-401: 1.3


VoIP and telephony technologies are now integrated into almost all of our networks. In this video, you’ll learn what security concerns exist for telephony-related technologies.

<< Previous Video: Remote AccessNext: Network Access Control >>


A technology that is really past the point of an emerging technology– now it’s embedded everywhere in everybody’s network, it seems– is Voice over IP and other telephony-type functions. Now we have our phones using the network to communicate, sometimes communicating to phones that are on the plain old telephone system– the POTS system– outside of our facility. Sometimes we are doing complete digital communication between sites, all being done over our network. We no longer have third-party phone lines in a traditional sense to communicate via voice and communicate in other ways through this technology.

The problem is that it is a relatively new technology and it’s very difficult to secure. It’s a very complex technology. It’s not simply transferring a file. There are control protocols. There’s a protocol for when you’re picking up the phone and dialing. There’s another set of protocols when you’re sending voice communication or video communication over those links. So of course you have to check every bit of this every step along the way.

And you have security concerns of people being able to get into your voice systems. You have security concerns of people denying access to these voice systems, make it so you can’t use your telephones. So you really want to have firewalls and other security technologies in place.

But every Voice over IP and telephony system is a little bit different. And because of the way that they embed the IP addresses inside of some of these Voice over IP protocols, simple firewalling of port numbers isn’t necessarily going to work well for you. You usually use something called an application gateway. In fact, it would be a real protocol-specific or phone-specific application gateway that understands that Voice over IP technology that you’re using, and is able to communicate properly. It’s able to do NATing properly. It’s able to firewall it correctly and send it through encrypted tunnels the way that it should.

Usually this is something that the provider of the firewall or the application gateway makes you aware. Oh, this works fine with this manufacturer’s telephones. So if you’re implementing Voice over IP and you need to secure it– you need to make sure that your security technologies know about that technology, especially that very specific manufacturer of that telephony technology and it’s able to handle it properly.

And of course, don’t forget your other phones. Just because Voice over IP is out there doesn’t mean you have gotten rid completely of maybe your old phone system. So if there are older phone systems in place, make sure that those are secured properly as well. Make sure that people are not able to use those and make long-distance calls over your system. I shouldn’t be able to walk into a conference room, pick up a phone and start costing you money. So don’t forget about your old technologies. And of course, find the security features in the new technologies that you need and make both of them all work together.