T 2.112 Inadequate planning of VoIP

In most cases, bad decisions made during the planning phase can only be corrected later at great expense. To enable reliable usage of VoIP, many aspects need to be taken into account.

VoIP requires a functioning data network. This data network can also be used for other services such as e-mail and the Internet. Due to the additional IP packets necessary for VoIP, the data network can quickly become overloaded. The capacity of the network therefore plays a decisive role for problem-free operation. The consequences of misjudging the importance of this aspect can reach as far as the failure of all technical communication capabilities. Signalling and media transport protocols are needed to communicate using VoIP. In terms of signalling protocols, in which primarily control instructions are transmitted, so far no protocol has been successful enough to become the standard protocol. In addition to numerous proprietary solutions, the SIP and H.323 signalling protocols must also be mentioned. Many VoIP devices only support one protocol, a fact that has a decisive influence on the planning phase.

The selection of a media transport protocol is less critical, since only the Realtime Transport Protocol (RTP) has prevailed. When both communication partners support encrypted SRTP, their communication can be protected.

For the actual transmission of the voice information, a codec is needed that permits voice information to be converted into digital information. Although numerous codecs exist, the selection of a codec during the planning phase only plays a subordinate role. In general, the end devices support a number of codecs. When establishing a connection, the codec to be used is negotiated by the communication partners. If there are only a few codecs supported by both of the communication partners, then a codec may be negotiated which is not appropriate for use under the prevailing general conditions. This can lead to a high load on the network on the one hand, and to poor quality voice transmissions on the other hand.

In addition to the basic technical functionality, the possibility of using encryption between the devices also plays an important role when planning and purchasing VoIP devices. In some applications for example, a VPN encrypted with IPSec or SSL can be used. The installation of a VPN client is usually impossible, though, for dedicated VoIP hardphones. This means that if encryption of the media transport protocol, for example using SRTP, is not supported, an attacker may be able under some circumstances to listen in on these telephone calls.

© Federal Office for Information Security. All rights reserved.