|
By Carl Weinschenk
HINJOSA: The key differences are the means of transmission and the format in which the data is transmitted. For a business with many employees you are going to have a dedicated VoIP computer system that may carry voice data over your LAN. This could be intercepted internally by a hacker who has breached your network defenses. This is not possible with a “traditional” phone system. Also, traditional voice calls leaving your business go out on a dedicated private line. VoIP is sent via your ISP connection and is subject to detection and interception by hackers.
What is the biggest threat to VoIP systems: Viruses? Hackers? Why?
ZIMMERMANN: Viruses might be the vehicle by which hackers gain access. The virus can establish a beachhead on a PC on your network and then open the door to load more complex wiretapping software from a hacker. That hacker may work for a foreign government or organized crime.
GRAYDON: Currently, there have been very few documented attacks against VoIP systems. This is partly attributed to the fact that although VoIP usage is quite high for a new technology in the consumer space, it is presently still quite low in overall business environments in comparison to "normal" telephone systems. When VoIP is adopted by the critical mass of business, however, the primary day-to-day threat will be voice spam. . . The next critical threat after voice spam will be viruses.
HINJOSA: Unless the information contained in the voice communications is often very sensitive, confidentiality is not where the biggest threat lies. . . A business VoIP system that has a dedicated internal server could be subject to hackers, viruses and other computer problems. Without proper security on this type of system the biggest threat would probably be malicious software and computer system component failure.
Is the VoIP security situation getting better or worse?
ZIMMERMANN: The bad guys haven’t started attacking it in an organized way because it hasn't grown big enough. On the other hand, the good guys haven’t put in the protection mechanisms yet. That's what I'm doing. I'm encrypting VoIP. I'm making VoIP secure against eavesdroppers to try to restore the security we enjoyed on the PSTN.
GRAYDON: VoIP security threats have the potential to become worse over time, as hackers find ways to tap into the systems. VoIP security providers are one step ahead of them. There are several methods for securing VoIP installations. However, care must be taken to understand what your requirements are. For many businesses, understanding usage and the possible threats is the first step in securing your VoIP installation. There are tools and scripts available for VoIP attacks. But there are many more available for pure IP attacks. Securing VoIP is no more complicated than securing email, no matter what the many VoIP security vendors claim.
HINJOSA: Since we are starting from zero so to speak, we can safely assume that as VoIP implementations increase in number and scope the attention of “bad guys” will increase. Many preventive measures already exist in the form of computer security software and hardware. A thorough analysis of the VoIP system should be done and computer security best practices applied after an initial risk analysis and assessment. In addition, ongoing attention and education is needed to keep up with emerging threats and available countermeasures.
|
