** Voice Over IP Security. By Patrick Park; published by Cisco Press, www.ciscopress.com (Web); 384 pages; $60.
Voice over IP (VoIP) telephone technology is on its way to seizing the majority of the business telephone market, with 42 percent of businesses using VoIP last year, and 79 percent projected to by 2013, according to research firm In-Stat. At the same time, there is a lack of knowledge about the vulnerabilities of using VoIP for confidential communications and the steps that can be taken to minimize the risks.
In writing Voice over IP Security, Patrick Park provides a strong introduction to VoIP’s risks as well as the fundamentals of implementing it securely. Park is a skilled practitioner of VoIP security, formerly as a security engineer with Covad Communications and now as a test engineer for Cisco.
The first two sections address fundamentals and best practices. Park provides information on threats and steps that can be taken to ensure the privacy of conversations. There is also an extensive explanation of encryption that will benefit practitioners in many different areas.
The book’s third section covers lawful interceptions in which service providers who are approached by law enforcement with court orders help the authorities intercept VoIP calls, which are much more difficult to “tap” than traditional telephone communications. The section is a valuable resource for any security manager who might have to assist with such an investigation.
While highly technical, this text offers a wealth of fundamental knowledge for the nontechnical security professional who wants to learn about this prevalent technology.
Reviewer: Brent Campbell is the security operations support manager for CSC in Falls Church, Virginia, and is a member of ASIS International’s Information Technology Security Council.