There are benefits in sharing a single network, moving from proprietary voice system to standards-based servers, and the flexibility to connect almost anywhere in the world through an existing network. Obviously, VoIP is not immune to the dangers usually related with IP networks. Proposed solutions for VoIP security are already in the market, but these solutions must take into account the real-time constraint of voice service and their mechanisms should address possible attacks and overhead associated with it.
Although VoIP technology have made the theft of telecommunications services less lucrative, VoIP technology has opened the door to new kinds of crimes. The U. S. Department of Justice has gone on record as being concerned about the fast growth of VoIP communications services because they make surveillance and wiretapping difficult and can facilitate drug trafficking, organized crime and terrorism (Keegan, 24 September 1994).
Laura Parsky, a deputy assistant attorney general in the U. S. Department of Justice, told investigators at a June 2004 Senate hearing that [i]f legal loopholes allow criminals to use new technologies to avoid law enforcement detection, they would use these technologies to coordinate terrorist attacks, to sell drugs throughout the United States and to pass along national security secrets to our enemies. The hearing was held to consider changes to the proposed VoIP Regulatory Freedom Act, which, if passed, might require telecommunications providers to build back doors into VoIP networks that would allow for court-ordered wiretaps to be successfully enforced.
Attacks can be launched on the underlying network, the transport protocols, the VoIP devices (e. g. , servers and gateways), the VoIP application, other related applications (e. g. , Dynamic Host Configuration Protocol, DHCP), the underlying operating systems, and more. Vulnerabilities introduced in the design of the product will be a continuous concern, as will improper configuration and implementation. In fact, the fundamental paradigm shift”voice as just another service running on a shared, IP-based infrastructure”calls into question our basic expectations of the security of voice.
The features of the technology employed often subtly, or not so subtly, color security expectations and concerns. For example, the classic attack on confidentiality prior to the electronic age was steaming an envelope open; risks were to be expected and countermeasures were developed with this particularly in mind. But this attack and its countermeasures are clearly irrelevant to a telephone conversation.