VoIP Security: The Basics
It is no secret that VoIP is a popular and growing technology. VoIP, and its bigger, more converged, and feature-rich brother, unified communications, represent a significant shift in communications technology and a quantum evolution in how businesses leverage communications to improve productivity and increase efficiency. Bottom line- businesses that don’t have it now will have it soon and new tools and technologies will continue to drive the adoption of VoIP and unified communications.
VoIP security is frequently talked about, but it is rare to hear of actual VoIP attacks. From both a theoretical and practical point of view there are a number of vulnerabilities and weaknesses in various VoIP implementations, but I think that the attackers are still working out their ‘business model’ and examining how to go from exploit to income. So far it seems like the most prevalent attacks are old-fashioned toll fraud attacks against VoIP systems. Without a strategy to monetize the attack, there is little incentive to execute one. Once the Internet criminals of the world figure out how to make money from VoIP exploits the gloves will be off.
A recent article in CSOOnline.com by Bob Bradley (Excellent last name! He must know what he is talking about), spells out some of the most prevalent security issues with VoIP, and some recommendations and best practices to guard against them. There are plenty of resources available, and a growing number of vendors and consulting companies dedicated to providing VoIP and unified communications security. It is the responsibility of CSO’s, CIO’s, and other IT mangement and security individuals to be informed about the threats and aware of the available mitigations and countermeasures to enure that their VoIP and unified communications environments are adequately protected.