Who Is Responsible for VoIP Security?
With each new revolution in digital communications there seems to come some sort of painful learning curve regarding security. Email, web surfing, and instant messaging have already gone through this evolution. Next up appears to be VoIP.
One thing that needs to be understood is that VoIP combines the security threats of traditional voice networks with the security threats of normal data networks. Threats like toll fraud have been around for as long as companies have had phone systems; VoIP simply makes it possible to commit them faster or on a much larger scale. Call redirection, denial-of-service attacks, man-in-the-middle attacks and more are all potential threats to VoIP networks.
So, the next question becomes ‘who is responsible for securing VoIP?’ This question has come up in the past relative to the other communications methods. Are ISPs or web hosts responsible for securing the services they offer, or does the burden of security fall to the customer? Is the email service provider responsible for detecting malware and blocking spam, or is it the end-user’s responsibility to protect their email from these threats?
This article from Telappliant addresses this issue. I believe that the answer lies somewhere in between, as it has in the past. The Telappliant article seems to suggest that VoIP providers should at least look at the history of these other communications methods, and at the security measures that ISPs and service providers have introduced, to determine what proactive steps they might take to stay ahead of the VoIP security curve. However, VoIP hardware and software vendors also have an obligation to build security controls into their products. Ultimately, the responsibility can’t really be transferred from the end-user. Regardless of what a VoIP provider or VoIP hardware/software vendor might implement from a security perspective, the customer is the one that will be impacted by attacks on the VoIP network and is also the one held accountable for security compliance related to VoIP.