VoIP Security - Could Someone be Listening In?

Posted in VoIP on December 27, 2009



The question of VoIP security often comes up on various VoIP forums, and it's a good one.  Could someone be listening to your conversation?  While it's theoretically possible, here are a few security tips that will help keep your network secure.


The first thing we'd like to point out is that VoIP can actually be much easier to secure than POTS.  Most people are unaware that POTS lines are often very easy to tap.  The demarc (the point at which the telephone company's network ends and your home wiring begins) is often mounted on the outside wall of a house, at ground level.  A small FM transmitter could be attached in a matter of seconds.  Even if your demarc is mounted inside, the wires have to come from somewhere, and are often still attached to the home at ground level, or obscured by trees.

The second thing we'd like to offer is a few security tips.  Since VoIP runs over IP networks, simple network security rules apply.  Let's start with one we were recently surprised to discover is overlooked by a great many VoIP users.  Never, ever place your VoIP device in the DMZ, except perhaps for brief periods for testing.  This could expose your VoIP device's administration interface to anyone who knows your IP address.  If your VoIP provider tells you to do this, they are wrong and it is time to find a new VoIP provider.  Even if you disable your VoIP device's web server, DMZ still shouldn't be necessary.  Your VoIP provider should handle NAT properly.  If you want to reinvite audio, forward only the specific SIP and RTP ports necessary.
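As an added example (not part of the original post), here is one way to check a router's port-forward table against the rule above: only SIP and RTP should reach the VoIP device, and nothing DMZ-like.  The device address, the port numbers and the rule format are assumptions made for illustration; use the values from your own adapter and provider.

```python
# Added example: audit a router's port-forward table for a VoIP adapter (ATA).
# Assumptions (not from the article): the ATA sits at 192.168.1.50 and uses
# UDP 5060 for SIP and UDP 16384-16482 for RTP. Check your device's settings.
ATA_IP = "192.168.1.50"
ALLOWED = {"sip": ("udp", 5060, 5060), "rtp": ("udp", 16384, 16482)}

# Constructed sample export, one rule per line: "<proto> <first>-<last> <internal ip>"
SAMPLE_RULES = """\
udp 5060-5060 192.168.1.50
udp 16384-16482 192.168.1.50
tcp 80-80 192.168.1.50
all 1-65535 192.168.1.50
tcp 3389-3389 192.168.1.20
"""

def parse_rules(text):
    """Yield (proto, first, last, ip) tuples, skipping blanks and comments."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        proto, ports, ip = line.split()
        first, _, last = ports.partition("-")
        yield proto.lower(), int(first), int(last or first), ip

def audit(text, ata_ip=ATA_IP, allowed=ALLOWED):
    """Return (rule, verdict) pairs for every forward aimed at the ATA."""
    findings = []
    for proto, first, last, ip in parse_rules(text):
        if ip != ata_ip:
            continue  # not the VoIP device; out of scope for this check
        rule = f"{proto} {first}-{last}"
        if proto == "all" or (first <= 1 and last >= 65535):
            verdict = "DMZ-equivalent: every port exposed, including admin"
        elif any(proto == p and lo <= first and last <= hi
                 for p, lo, hi in allowed.values()):
            verdict = "ok: within SIP/RTP allowance"
        else:
            verdict = "unexpected: not needed for SIP or RTP"
        findings.append((rule, verdict))
    return findings

if __name__ == "__main__":
    for rule, verdict in audit(SAMPLE_RULES):
        print(f"{rule:18} {verdict}")
```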

If you have a wireless router, use encryption such as WPA.  The older WEP encryption is not as good as WPA and can be cracked relatively easily.  Once someone is able to access your wireless network they can tap VoIP calls in a variety of ways, such as spoofing a configuration file, changing the SIP server to one they control, or configuring your router to send copies of VoIP data to them.  We rarely advocate replacing working hardware, but if any of your equipment only supports WEP, you should replace it.  Or, better still, don't use wireless.  (Mango's personal opinion here.)

If you do not use wireless or your wireless router is secure, it becomes harder to access your network.  For most people, a hacker physically entering their home and accessing their network is relatively unlikely.  The next weak points in the network are the computers connected to it.  A user could be enticed to install software that would allow the hacker control of the user's computer, and thus access to the network.  Be sure to keep your antivirus software up to date and use common sense when opening email attachments and installing software.

Of course, if you distribute VoIP through your home via an outdoor-mounted demarc, you run into the same security issues that exist with POTS.

While very few methods of communication are completely secure, basic network security practices will provide more than ample levels of security for the average residential or small business VoIP customer.
 
