VoIP not so safe

Ian Kilpatrick reckons many users do not understand the risks of internet telephony

Many companies have now adopted VoIP, and many more are considering adopting it. But they don't necessarily realise that, by moving to VoIP, they have also moved into converged (phone/data) systems and a potentially dangerous security environment.

Meanwhile, users who are more aware of convergence may also – usually incorrectly – believe their existing data security measures will protect them in this unified communications (UC) environment, which may incorporate other applications, such as CRM.

Converged systems are open to additional security risks over and above those faced by data traffic. Because of this, they require additional or different security measures.

Companies aware of the security risks in UC may actually defer adopting converged offerings. No one wants to lose both voice and data at the same time.

However, many have already gone ahead with creating mobile workspaces, extending VoIP and the converged systems functions of their IP PBX to remote IP phones, soft phones and Wi-Fi or dual-mode telephony.

Extending UC to the smartphone introduces even more security risks. VoIP on the smartphone crosses untrusted networks, is not integrated into the enterprise security architecture, and increases the risk of becoming non-compliant.

The lack of knowledge about security for converged systems is such that some people are actually connecting their IP PBX without a router.

A firewall will not necessarily protect a converged environment, and users may be opening holes in their security infrastructure, becoming non-compliant and endangering customer confidentiality.

Many firewalls won't protect against Session Initiation Protocol (SIP) attacks. SIP trunks are often used to connect to the PSTN via the internet. They are popular because they can be cost-effective and increase reliability.

Users should check that their firewall has a SIP proxy on it, at the very least. Without that, a network is at risk.

Some firewall, UTM and XTM vendors' appliances now include SIP and H.323 proxies.

These will protect against VoIP threats such as denial-of-service (DoS) attacks, spam over internet telephony, voice service theft, registration hijacking, eavesdropping, directory harvesting and voice phishing (vishing).

Users must be educated on the need to check their security measures around VoIP.

Ian Kilpatrick is chairman of Wick Hill