I often get into debates about encryption being the panacea of data protection. While encryption has proven itself a viable solution for many years, the problem is never in the algorithm, but rather in the management of the keys. For encryption to occur, the system must have the key to encrypt and decrypt the data. This means that the key resides somewhere on a computer system accessible by the application. The most significant question is how well the organization protects the key and ensures that the application handles it appropriately.
According to NIST, with the proliferation of VOIP, the demands for security are significantly compounded. Now, network administrators must protect two invaluable assets – our data and our conversations. Federal agencies are required by law to protect a great deal of information, even if it is unclassified. The current Internet architecture does not provide the same physical wire security as the phone lines. What’s the solution? Encryption! Encryption! Encryption!
Encrypting VOIP traffic and running it over a virtual private network provides excellent security when dealing with external communications. Architecture decisions, like locating IP telephones behind NATs and firewalls, are also important.
We can all breathe a collective sigh of relief – terrorists now have the ability to communicate securely [reuters.com]. I was really starting to be concerned for their privacy…