The route to better VoIP security
Jonathan Greenwood says IP telephony requires more security than some think
Although many firms are taking steps to further secure their IT systems, it is often a different story for their IP telephony network, and resellers need to educate their customers about possible VoIP security vulnerabilities. This represents a great opportunity.
To gain access to the telephony system, hackers need the password of the relevant device. They may identify an IP extension on the network, and bombard that device with different passwords in the hope that one of them will be right.
In many cases, it does not take long for the hackers to guess the correct password and log into the IP PBX system.
There are many ways to disrupt the IP telephony network and potentially cause the business to lose large sums of money once access is gained.
For example, an entire call centre-type facility can be attached, routing thousands of calls elsewhere. Depending on how calls are routed, and how regularly the company is billed, this activity may continue for months before discovery.
Often, the password will not be altered from the default "password" or "admin", or will be changed to something easy to remember, such as the company name.
This is a major issue for businesses, and they need a way to ensure password strength. Some systems allow administrators to reject passwords automatically that are not strong enough, instantly making the infrastructure more secure.
It is difficult and time consuming to monitor the IP telephony system constantly for attempts at illegal access. Resellers should promote offerings that allow administrators to set a limit for the number of unsuccessful access attempts by an IP address, blocking those that reach that limit and sending an email alert to the administrator.
With the right IP PBX, IP extensions can be set up to limit the number of conversations they can handle at any one time.
Danger can further be mitigated by using a system that allows the company to set a credit limit for outbound calls.
IP telephony is going to be a much bigger part of corporate communication infrastructures over the coming years.
While IT security is slowly but surely improving, the same cannot be said of IP telephony systems. The administrators of such systems often do not realise the risk.
This gives resellers an opportunity to educate their customers with a view to making a sale.
Jonathan Greenwood is managing director of SNOM UK.