IP telephony deployments are failing to deliver the savings and benefits expected prior to rollout, according to customers attending a VoIP panel discussion held in Sydney last week and attended by about 50 delegates.
Very few customers could raise their hand and say they expect any real cost savings from their deployments.
Sean Barkley, the regional manager for advanced voice solutions at Verizon Business says this is because staff are using IP phones just for voice, ignoring features like remote office or the web interface which can set any line as the office phone.
Barkley says staff training is critical and is one reason why IP deployments fail to meet ROIs.
He says the other problem is a lack of network auditing.
“Extensive network audits must be conducted prior to implementing IP telephony to minimise security risks and to maintain quality of service. The audit is critical to see what your network is built on and what applications are running to factor in what may need to change. The audit for one site can go for 17 or 18 pages,” Barkley says.
Telsyte analyst Warren Chaisatien says the network which hosts IP telephony must be free of resource-draining applications such as Skype which can dramatically affect the quality of service, and can open security holes.
“IT should include network policies in their audits which limit the use of Skype and IM, because users who have these applications at home tend to download them onto the corporate network as well,” Chaisatien says.
Removing peer-to-peer and instant messaging applications will help plug the security holes in IP telephony, according to Avaya Asia Pacific CTO Robbie Kruger, who says everything from bandwidth to corporate data can be stolen when VoIP is seen as “just a little bit more data to deal with”.
“Consumer grade applications like Skype are great, but they can be a security threat to your organisation because you set up yourself as a mini hub. You will find you are compromising your business and your voice might not be there tomorrow,” Kruger says.
“Other people use your bandwidth when you become a broadcast hub, and you can lose service for not just your voice but for all your data applications which will affect the quality of voice across the WAN.”
Potential IP telephony security flaws could allow hackers to access a network by locating the address of VoIP web servers on Google or by scanning for commonalities in mail server protection lists.
Security firm Assurance.com.au director Neil Wise says hackers could access a network hole by locating a VoIP web server indexed by Google, and could locate default usernames and passwords in installation documentation available on a vendor website.
However, he says this would require users to leave login authentication unchanged.
“Many second-tier Australian telcos ship VoIP phones preconfigured. Installation wizards are designed to have minimal user input to make the technology attractive and to reduce support costs but this makes users vulnerable to a very real attack,” Wise says.
“Hackers could also use IP phones with packet-capture to record conversations, depending on the type of encryption used. For example SIP 1.0 [session initiated protocol] could be easily decoded, while SIP 2.0 is much harder.” A similar exploit may exist if default answering messages are left unchanged which may reveal the phone’s make and model if the vendor’s message service is unique. Wise says this risk can be eliminated by only opening ports when calls are carried.
Kruger says encryption should be deployed on voice, faxes and tones as part of a network audit as each presents a unique vulnerability.
“If tones aren’t encrypted and someone is listening to those tones when you are doing internet banking, they can capture your banking passwords,” he says.
According to TeleWare Australia and New Zealand managing director Mike Blanchard, IP telephony has failed to meet ROIs because of a lack of interoperability and poor adherence to standards.
“IP telephony is based on a widely embraced Session Initiation Protocol (SIP) standard which has been adopted by all manufacturers, but interoperability remains a major issue [because] there are proprietary elements in each implementation of the standard, and there are so many flavours of SIP,” Blanchard says.
“This is one of the main reasons why VoIP is yet to live up to its potential as a silver bullet that provides quick ROI and easy deployment of multiple applications across existing networks.”
Kruger predicts fax-over-IP will emerge in the next few years which will build on desktop applications to allow “faxing from the desk”.