VOIP threats defined by alliance

The Voice over IP Security Alliance defined a set of security and privacy threats facing VOIP users.

For all the developments around enterprise voice over IP solutions, there has been only scattered interest in the related potential security threats but the Voice over IP Security Alliance (VOIPSA) has shown a spotlight on problems that IT managers ought to be concerned about.

VOIPSA was formed in February and one of its first initiatives was to define a set of security and privacy threats facing VOIP. The group released on Monday its VOIP Security Threat Taxonomy, a list of security threats in the VOIP world. The next steps will include releasing a set of best practices to help enterprises and other VOIP users determine whether they have implemented the proper safeguards. The group will also develop testing suites that will allow vendors to test that their products match best practices for equipment.

In the meantime, IT managers are unlikely to rest easier since the group has categorized the threats to VOIP. VOIPSA defined one category as deceptive practices and fraud. For example, it's possible for attackers to spoof caller ID to look like a call is coming from a specific source or even to mimic the sound of someone's voice, said Jonathan Zar, secretary and outreach chair for VOIPSA and a senior director at Sonicwall, a company offering security products. Such fraud is possible on the public switched telephone network but it's much more difficult because the networks are managed end-to-end by operators, he said.

Other threats to VOIP come from attackers who can intercept or monitor calls, which can involve both listening in on calls or tracking who is talking to whom. VOIPSA also identified a variety of types of denial of service ranging from attacks that can essentially tie up the network so it's unusable to hacks that can prematurely run down the battery on mobile user devices.

"We know some of these things are happening anecdotally," Zar said. So far, there aren't good statistics on how often these types of attacks are happening though, he said.

While many IT managers are aware of these issues, many also aren't quite sure how to address them, Zar said. "I would say the majority of CIOs I talk to want to do more and are concerned about what happens when they start to extend VOIP beyond site to site," he said. Today, securing VOIP connections between company sites where all the traffic is within a virtual private network can be relatively straightforward but once those connections extend beyond the realm of the enterprise, to include teleworkers for example, or once they begin to include additional services, the security may begin to break down, he said. Many CIOs are aware that such steps may open the door to problems but they aren't sure how to protect against them, he said. VOIPSA hopes its future release of best practices will help steer IT leaders in the right direction.

Products do exist to help secure most VOIP enterprise usage. IT departments can isolate VOIP traffic and deploy VOIP-enabled firewalls and VOIP-aware intrusion protection tools, Zar said.

Over 100 companies, including 3Com, Alcatel, Level 3 Communications, Nokia, Agilent Technologies, Accenture., Symantec, Nortel and Juniper Networks, have joined VOIPSA since its formation.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Nancy Gohring

IDG News Service
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Aysha Strobbe

Microsoft Office 365/HP Spectre x360

Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?