IS management is considering a Voice-over Internet Protocol (VoIP) network to reduce
telecommunication costs and management asked the IS auditor to comment on appropriate
security controls. Which of the following security measures is MOST appropriate?
Review and, where necessary, upgrade firewall capabilities
Install modems to allow remote maintenance support access
Create a physically distinct network to handle VoIP traffic
Redirect all VoIP traffic to allow clear text logging of authentication credentials
Firewalls used as entry points to a Voice-over Internet Protocol (VoIP) network should be VoIPcapable. VoIP network services such as H.323 introduce complexities that are likely to strain the
capabilities of older firewalls. Allowing for remote support access is an important consideration.
However, a virtual private network (VPN) would offer a more secure means of enabling this access
than reliance on modems. Logically separating the VoIP and data network is a good ideA. Options
such as virtualLANS (VLA.NS), traffic shaping, firewalls and network address translation (NAT)
combined with private IP addressing can be used; however, physically separating the networks will
increase both cost and administrative complexity. Transmitting or storing clear text information,
particularly sensitive information such as authentication credentials, will increase network
vulnerability. When designing a VoIP network, it is important to avoid introducing any processing
that will unnecessarily in crease latency since this will adversely impact VoIP quality.