VoIP and Crypto
Bruce Schneier has an article in Wired magazine entitled Why VoIP Needs Crypto. Bruce is a well-known cryptographer who's written some definitive work on cryptographic issues. His Crypto-Gram Newsletter is widely read. People who work around security solutions, encryption technologies and the like tend to listen to what Bruce says.
Bruce isn't a real-world VoIP specialist, but his thoughts on security are worth reading. He's really only looking at one small facet of VoIP security - eavesdropping. Bruce describes four ways you can eavesdrop on a phone call:
- You can listen in on another phone extension
- You can attach some eavesdropping equipment to the wire with a pair of alligator clips
- You can eavesdrop at the telephone switch
- You can tap the main trunk lines, eavesdrop on the microwave or satellite phone links, etc.
If you think your network is secure and you don't have to worry, let me give you a pain point to consider. How smart does an end user have to be to buy a $50 WiFi router and access point and plug it into your network just to make his or her own connectivity in their office space a little easier? Do you trust them with your enterprise perimeter security? Or might they unintentionally provide unprotected ingress to your network where someone might get in and listen?
That's a threat that doesn't exist in traditional telephony.
Here's Bruce's summation:
"Encryption for IP telephony is important, but it's not a panacea. Basically, it takes care of threats No. 2 through No. 4, but not threat No. 1. Unfortunately, that's the biggest threat: eavesdropping at the end points. No amount of IP telephony encryption can prevent a Trojan or worm on your computer -- or just a hacker who managed to get access to your machine -- from eavesdropping on your phone calls, just as no amount of SSL or e-mail encryption can prevent a Trojan on your computer from eavesdropping -- or even modifying -- your data."

In a nutshell, we need better systems. Better hardware, software and operating systems. But for many of us, those are still end points on a network. What Bruce doesn't mention is the requirement for thoughtful, methodical, forward-looking design. Design with an eye to security. We must design networks with an eye to future threats. When you're implementing a VoIP solution, you can't just slap it in and run. If you do, you are potentially throwing the doors to your network wide open.

"So, as always, it boils down to this: We need secure computers and secure operating systems even more than we need secure transmission."