Voice over Internet Protocol (VoIP) Security

Paperback (Print)
Buy New
Buy New from BN.com
$56.65
Used and New from Other Sellers
Used and New from Other Sellers
from $2.56
Usually ships in 1-2 business days
(Save 96%)
Other sellers (Paperback)
  • All (9) from $2.56   
  • New (5) from $29.01   
  • Used (4) from $2.56   

Overview

"Voice Over Internet Protocol Security is both unique and timely. Ransome and Rittinghouse expertly describe the technical fundamentals, salient business drivers, and converged network infrastructure security risks and challenges IT and security professionals encounter when implementing enterprise-level VoIP systems." — William M. Hancock, Ph.D., CISSP, CISM, CSO, Savvis Communications.

"This book should be required reading for anyone contemplating a VoIP implementation for three reasons: first, it deals with telecom technology and standards from Alexander Graham Bell onward. This puts VoIP in its proper context as an integral, evolved part of a global system that is potentially vulnerable. Second, it provides a detailed tutorial on all of the major aspects of VoIP implementation from a pragmatic point of view. Finally, it addresses the very real security issues that could put the global telephone system at risk if not dealt with professionally. I would heartily recommend your entire project team buy this book and read it carefully!"— John Milner, MIS Director, Cambridge University

Voice Over Internet Protocol Security has been designed to help the reader fully understand, prepare for and mediate current security and QoS risks in today’s complex and ever changing converged network environment and it will help you secure your VoIP network whether you are at the planning, implementation, or post-implementation phase of your VoIP infrastructure.

• This book will teach you how to plan for and implement VoIP security solutions in converged network infrastructures. Whether you have picked up this book out of curiosity or professional interest . . . it is not too late to read this book and gain a deep understanding of what needs to be done in a VoIP implementation.

• In the rush to be first to market or to implement the latest and greatest technology, many current implementations of VoIP infrastructures, both large and small, have been implemented with minimal thought to QoS and almost no thought to security and interoperability.

James Ransome, Ph.D., CISSP, CISM has over 30 years experience in domestic and international security within the intelligence, defense, federal law enforcement, and the private sector. Dr. Ransome is a member of Upsilon Pi Epsilon (UPE), the International Honor Society for the Computing and Information Disciplines.

John Rittinghouse, Ph.D., CISM has over 25 years experience in IT and Internet security in both the government and private sector. John is the author of several IT and security books and is often sought for large enterprise infrastructure issues. He is a member of the FCC’s Network Reliability and Interoperability Council (NRIC) Homeland Security subcommittee on Cybersecurity (NRIC FG2B) VoIP working group.

Read More Show Less

Editorial Reviews

From the Publisher
"Voice Over Internet Protocol Security is both unique and timely. Ransome and Rittinghouse expertly describe the technical fundamentals, salient business drivers, and converged network infrastructure security risks and challenges IT and security professionals encounter when implementing enterprise-level VoIP systems." — William M. Hancock, Ph.D., CISSP, CISM, CSO, Savvis Communications.

"This book should be required reading for anyone contemplating a VoIP implementation for three reasons: first, it deals with telecom technology and standards from Alexander Graham Bell onward. This puts VoIP in its proper context as an integral, evolved part of a global system that is potentially vulnerable. Second, it provides a detailed tutorial on all of the major aspects of VoIP implementation from a pragmatic point of view. Finally, it addresses the very real security issues that could put the global telephone system at risk if not dealt with professionally. I would heartily recommend your entire project team buy this book and read it carefully!"— John Milner, MIS Director, Cambridge University

Read More Show Less

Product Details

  • ISBN-13: 9781555583323
  • Publisher: Elsevier Science
  • Publication date: 12/3/2004
  • Pages: 432
  • Sales rank: 1,316,793
  • Product dimensions: 0.88 (w) x 7.50 (h) x 9.25 (d)

Meet the Author

James F. Ransome, Ph.D., CISSP, CISM, has over 30 years experience in security operations and technology assessment as a corporate security executive and positions within the intelligence, DoD, and federal law enforcement communities. He has a Ph.D. in information systems specializing in information security and is a member of Upsilon Pi Epsilon (UPE), the International Honor Society for the Computing and Information Disciplines. He is currently Vice President of Integrated Information Security at CH2M HILL in Denver, CO.

John has over 25 years experience in the IT and security sector. He is an often sought management consultant for large enterprise and is currently a member of the Federal Communication Commission's Homeland Security Network Reliabiltiy and Interoperability Council Focus Group on Cybersecurity, working in the Voice over Internet Protocol workgroup.

Read More Show Less

Read an Excerpt

VoIP Security


By James F. Ransome John W. Rittinghouse

DIGITAL PRESS

Copyright © 2005 James F. Ransome and John W. Rittinghouse
All right reserved.

ISBN: 978-0-08-047046-7


Chapter One

The (Business) Value of VoIP

Have you ever thought to yourself "Why should we do this VoIP thing?" or "What value will voice over Internet provide my company?" or even "What is all this VoIP craze?" Simply put, Voice over Internet Protocol (VoIP) refers to the process of transporting voice communications over Internet Protocol (IP) networks like the Internet. VoIP is somewhat of a misleading term because it implies such a restricted focus on "voice." The term IP Telephony (IPTel) is more general. Telephony over IP (ToIP) describes the transport of real-time text over IP networks. It differs from instant messaging in that ToIP systems transmit bidirectionally one character at a time. This gives the user the feel of real-time communication, just like voice or video systems that transport streaming media over IP. ToIP is a term used to mean the transport of text over IP from a ToIP-enabled IP phone, PC-based client, or a legacy TTY device connected to a Public Switched Telephone Network (PSTN) gateway.

A TTY is also known as a Telecommunications Device for the Deaf (TDD). The TTY consists of a keyboard, which holds somewhere from 20 to 30 character keys, a display screen, and a modem. The letters that the TTY user types into the machine are turned into electrical signals that can travel over regular telephone lines. When the signals reach their destination (usually another TTY), they are converted back into letters, which appear on a display screen, are printed out on paper, or both. Some of the newer TTY devices are even equipped with answering machines. As good as TTY devices are, the innovation that comes from the use of the Internet for communications has far exceeded most expectations when the Internet came into being as a popular new media only a decade or so ago. Now, as with most technologies, VoIP has many potential benefits as well as obstacles that may be encountered. This chapter addresses both the benefits of and obstacles to VoIP.

1.1 Internet Telephony versus Telephony over the Internet

IP Telephony (IPTel) refers to the transport of voice, video, text, and other real-time media over IP networks. IPTel is considered to be a key technology that will provide advances in communication for end users and is expected to completely replace the PSTN over time. According to the International Telecommunication Union (ITU) Web site,[1] the die has been cast for the continued future of IPTel:

The Internet and IP-based networks are increasingly being used as alternatives to the public switched telephone network. Internet Telephony Service Providers (ITSPs) can provide voice and fax services which are close to becoming functionally equivalent to those provided by public telecommunication operators (PTOs). However, few ITSPs are licensed by national authorities and they generally do not have any universal service obligations. Many countries ban IP telephony completely, yet IP calls can be made to almost any telephone in the world. Many PTOs are establishing their own IP telephony services, and/or using IP-based networks as alternative transmission platforms. In the longer term, as more and more voice traffic becomes IP data traffic, there will be little to distinguish between IP telephony and circuit-switched telephony. However, many telecommunications regulatory schemes depend upon such a distinction, both physically and as a matter of policy and law. As these trends continue, the telecommunications framework will come under increasing pressure to adapt.

It is also inevitable that most governments of the world will wrestle with the use of IPTel and determine just how to turn these advances in technology into another form of revenue, for which ordinary users will undoubtably pay, that will be used to create even more forms of bureaucracies, whose specific purpose is to oversee and regulate what is now unregulated and untaxed. Until that time comes, however, the average Internet consumer/user will benefit greatly from such strides in technology.

1.2 The Value of VoIP: Return on Investment (ROI)

ROI is a major selling point for the use of VoIP. Why wouldn't it be? Some of the more attractive components of VoIP are large cost savings (especially in the area of long-distance telephone costs), new features, and converged networks. Bottom-line cost savings are fairly easy to quantify, whereas other VoIP benefits, such as productivity improvements, are more difficult to quantify in terms of ROI. As with most ROIs, there are both hard and soft benefits. Hard benefits are the easiest to sell to management, because they result from clearly defined, tangible cost savings. In contrast, soft benefits are called soft because they don't necessarily save real money, and they are usually harder to quantify from a business perspective. For example, stating that use of XYZ technology will increase productivity because of some inane reason or another is a soft benefit. Clearly, trying to measure productivity increases can become convoluted and subject to interpretation. The inane reason may or may not be something all staff members agree on—the very nature of disagreement that could (and usually does) exist causes this to be considered a soft benefit. Therefore, most organizations focus solely on the hard cost savings, but it is always important to clearly differentiate between hard and soft benefits to improve the credibility of the business case with financial decision makers. The company will not care if it is saving five cents per minute on VoIP calls if their sales productivity is decreasing because of poor-quality or dropped calls.

1.2.1 Getting the Most from VoIP: Cost Savings

The cost of VoIP implementation expenses are an important factor in making IT spending decisions. VoIP implementations can require a significant amount of new equipment and often also require significant infrastructure upgrades. In order to reduce the initial capital outlay necessary for implementing VoIP, many vendor companies are now offering equipment-leasing plans to spread the expense over several years or staging the VoIP deployment gradually as a means of easing the cost burdens. As with any new technology that is introduced into the corporate environment, the ROI scenario may vary across many different site locations. The unique deployment scenarios required for each site usually mean that the cost savings are likely to occur in several business areas, each area seeing individual impact on capital costs, expenses, and user productivity. A successful VoIP implementation will recognize these differences and use them to guide the strategy for inserting VoIP into existing infrastructures. A successful VoIP implementation will be designed as a long-term investment that will provide returns in capital and productivity savings, and help avoid additional security risks.

1.2.2 Capital and Expense Savings

VoIP may be an infrastructure that is already paid for if you own the IP network or are already paying an Internet Service Provider (ISP) for bandwidth. Because long-distance telephone calls are typically a major line item in an organization's budget, the use of VoIP can result in significant capital and expense savings over a PSTN. VoIP users only incur the cost of using the network, in contrast to PSTN users, whose long-distance costs can vary depending on the distance called (location of caller and callee) and the time at which the call occurs.

Centralized call-processing architectures are available from several VoIP manufacturers and can reduce equipment, maintenance, and support costs. These architectures also enable organizations to standardize the voice services that they deliver to their employees. A centralized team can now manage the entire organization's voice services from a single site, rather than requiring internal or outsourced resources to manage each Private Branch Exchange (PBX) or key system.

The use of VoIP can also result in a reduced incremental cost of network ownership. The nearly unlimited capacity of most corporate LANs will allow a new VoIP user to be added at a reduced per-user cost. A VoIPenabled data network also enables the easy and inexpensive addition of new corporate office networks, which also reduces the expense of incremental costs.

Because of the PSTN toll rate structure, companies with a large number of international sites may find the long-distance phone call cost savings from toll bypass attractive. Bypassing the PSTN and making telephone calls on an IP network is referred to as toll bypass. This occurs when a PBX or an IP PBX is connected to a VoIP gateway, which is then connected to an IP network. Instead of going from the PBX to a PSTN switch, the call traffic goes from the PBX to the VoIP gateway, avoiding the toll or cost of using the PSTN for long-distance calls. In most cases, the long-distance costs associated with PSTN usage should decrease after a VoIP implementation. Some companies may want to keep the PSTN as a fallback network. Many organizations will not convert to VoIP completely or all at once because of disaster recovery and business continuity concerns during the migration phase and proceed in staged implementations.

Rather than absorbing the costs of buying or leasing a PBX and network infrastructure for PSTN calls in addition to an IP network, both voice and data can run on one network, resulting in savings that provide a lower total cost of network ownership for VoIP. Single networks are also easier to expand and change, reduce the wiring costs required for two networks, and can easily incorporate wireless infrastructures.

1.2.3 Productivity Savings

VoIP implementations can also result in quantifiable savings in several areas, including the following:

* Management and support savings

* Enhanced mobility

* Reduced site preparation time

In some cases, infrastructure convergence through the use of VoIP will make it possible to reduce the internal staff required to support and manage the two separate infrastructures. As discussed later in this section, this savings must be balanced with the cost for training, because the management of a converged network requires consolidating existing infrastructure and, in some cases, learning new skills. For example, IT personnel will need to learn telecom skills, and telecom personnel will need to learn data-networking skills.

VoIP offers enhanced mobility, which can allow many organizations to institute more flexible work environments and reduce facilities and real estate costs while increasing employee productivity and morale. This capability allows individuals to log in to any phone within the organization and still have their extension number and any applications or services they use available to them, even though they are away from their desks. For many organizations, this new capability can result in significant cost savings and even revenue growth through increased productivity.

(Continues...)



Excerpted from VoIP Security by James F. Ransome John W. Rittinghouse Copyright © 2005 by James F. Ransome and John W. Rittinghouse. Excerpted by permission of DIGITAL PRESS. All rights reserved. No part of this excerpt may be reproduced or reprinted without permission in writing from the publisher.
Excerpts are provided by Dial-A-Book Inc. solely for the personal use of visitors to this web site.

Read More Show Less

Table of Contents

The (Business) Value of VoIP ; Digital Voice Fundamentals ; Telephony 101 ; Packet Technologies ; VoIP Processing ; VoIP Implementation Basics ; VoIP Security Risks ; VoIP Security Best Practises ; VoIP Security and the Law ; The Future of VoIP ; Appendix ; Index

Read More Show Less

Customer Reviews

Be the first to write a review
( 0 )
Rating Distribution

5 Star

(0)

4 Star

(0)

3 Star

(0)

2 Star

(0)

1 Star

(0)

Your Rating:

Your Name: Create a Pen Name or

Barnes & Noble.com Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & Noble.com that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & Noble.com does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at BN.com or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation

Reminder:

  • - By submitting a review, you grant to Barnes & Noble.com and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Noble.com Terms of Use.
  • - Barnes & Noble.com reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & Noble.com also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on BN.com. It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

 
Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously

    If you find inappropriate content, please report it to Barnes & Noble
    Why is this product inappropriate?
    Comments (optional)