Introduction
Voice over IP (VoIP) is the transmission of voice over packet-switched IP networks, as of right now it is one of the most prominent emerging trends in the revolution of telecommunications (Thermos, 2009). Almost everyone one is driven by technology in one way or the other. With this drastic growth in technology over the pass years and with this rapid growth in advancement it as also presented many ground-breaking improvements; which have contributed significantly to the simplification of day-to-day activities. Nevertheless, this advancement may have a negative effect on the way we communicate using these technology we have come to love. However, with the demand for communication technology on the rise so is the need for additional security. This paper will look at the implementation of VoIP and the necessary security needed in the Enterprise for transmission of safe commination. In addition, this paper will also explain the many advantages and disadvantages (risk) of using a technology such has VoIP in the Enterprise.
Implementation Tips
VoIP can be very successful in the enterprise if it is done properly using the right techniques and technology that is the right fit for the organization. On the other hand, it can be very unsuccessful and a huge failure. Some companies when considering implementing voice over IP they fail to first make sure that the system is working properly before putting aside their grandfathered system, such as private branch exchange (PBX). As with any new technology VoIP too has security risk. Therefore, companies must also take into account the correct security policies before they implement VoIP which will aid the company in having a better protected device (Thermos, 2009). In addition, implementing security protocol should be an essential part when considering making the switch from traditional phone systems, and should also take into account the specific types of applications being use in the company. Some Administrator may presume that it is not important to put into place additional security techniques for VoIP since the transmission is digitized voice; which travels through packets they can simply just plug VoIP component into their previously secured network and it too will be secure. However, this is far from reality and with serious consequences. Some security features that the companies could consider when implementing VoIP should include: VoIP “aware” firewall, Authentication, Developing appropriate network architecture (Fries, Kuhn, & Walsh, 2005).
Security
Like with traditional data being transmitted over the network the same heighten security is needed for VoIP. One such example is DOS attacks which could be done quite easily by downloading tools off the internet. Therefore, it is very important that VoIP servers be placed behind VoIP firewalls which will help to prevent DOS penetration into the network. Authentication is needed for VoIP users just like in the data world, people will still have the need to make sure that the person on the other end of the line is who they say they are, this can be accomplish by using H.323, SIP and MGCP standards (Weiss, 2001). The H.235 component of H.323 specifies two types of authentications which include: Symmetric encryption which is a method that is less stressful on the processor usage and therefore consumes less power and does not require any form of communication between the two devices (Weiss, 2001). Subscription based method require the sharing of a secret key before the communication between to the two devices can be completed. However, the administrator must keep in mind that this method will require a lot of CPU power and time if it is using symmetric encryption which is way more secure than asymmetric encryption. In addition, H.235 also accommodates the use of IPSEC to handle authentication between the devices that are trying to communicate with each other. The SIP protocol includes three different types of authentication: Basic Authentication, Digest Authentication, and PGP Authentication (Weiss, 2001). (Fries, Kuhn & Walsh, 2005). Diagram
Advantage of Using VoIP in the Enterprise
When implemented properly using the right infrastructures and security techniques, VoIP can significantly improve the way an Enterprise communicate and operates in a successful environment. One of the many advantages of implement VoIP over traditional telephone service is that the Enterprise could see drastic cost saving in long-distance calls. Therefore, this implementation can be very beneficial to a company that operates in numerous areas whether local or internationally, since the caller’s voice is converted to data and transfer over the internet to a VoIP phone on the other end (Shavit, 2007). In addition, VoIP can also connect with other communications media which is known as “unified communication”. A company can also combine email and VoIP therefore their employees/users can access voicemail through their email clients which is not possible with traditional phone service (Shavit, 2007).
Disadvantage of using VoIP in the Enterprise
On the other hand, with the many technological developments VoIP opens the telephony system to numerous kinds of vulnerabilities that did not exist in traditional telephone systems (circuit switching). One of the many disadvantages of implementing VoIP in the Enterprise is that the VoIP telephone system is connected directly to the network. Therefore, if the network goes down so does the telephone system in the Enterprise. It also opens the door for more security risks because securing VoIP traffic at the firewall level presents certain challenges. One of the challenges is that “not all firewalls are VoIP aware and older firewall may not recognize VoIP protocols such as SIP, MGCP or Cisco’s SCCP protocol, and incorrectly block this traffic (Ruck, 2010).” In addition, like in the data world many firewalls actively scan network traffic packets as an intrusion detection/prevention system. This type of sort scanning is not recommended because of the time-sensitivity of VoIP traffic. The implementation of VoIP also present patching problems, since some administrators may over-look this issue as it might be seen as being unnecessary. Even though, most VoIP “phones use trivial file transfer protocol (TFTP) to update software or firmware and in many cases this set-up occur without authentication” (Ruck, 2010). Therefore, a compromised TFTP server will undoubtedly allow hackers to place files in the upload directory and it would be loaded into the telephone system (Thermos, 2009). Hence, it is a must that VoIP phone systems obtain regular patching to the call management system, voicemail, infrastructure, and endpoints, in or to maintaining a well secure network and telephone system.

Conclusion/ Recommendation
At the end, with the rapid growth of technology over the past years so as the need for proper security. With the implementation of voice over IP in the Enterprise, administrators should keep in mind that voice transfer should be secure using the right security methods just as they would protect data. In addition, all VoIP traffic travelling over a public IP network should be encrypted to ensure a secure communication between end-users. Like with any good network, administrators should do regular audits to make sure that there is no weakness in the network infrastructure through which unauthorized users will be able meddle around on the network and create any damage. It is also very important that firewalls are “VoIP ware”; if this is not the case then the necessary changes should be made ahead of any problem that might arise. There are many disadvantage in using VoIP over traditional phone lines but if implemented properly VoIP can significantly improve the communication within an Enterprise. Nevertheless, with demand of more advance technology it is without a doubt that VoIP could be the next way of communicating, and many Enterprise might make the switch, and traditional phone service will be a distance pass.