The only publication dedicated to OSS     Volume 2, Issue 3 - August 2005
Current Issue
Cover Page
Taking Stock
VoIP Security
The Next Level
Measuring Up
Forward Movement
Tapping the Market
A Pioneer's Tale
Editor's Letter
 
Subscribe
About Us
Archives
Ed-Opps
Ad-Opps
Advertisers
Sponsors

VoIP Security - Is It Really an Issue? (Cont'd)


So Whose Problem is it?

Lack of awareness and flawed implementations are perhaps the biggest VoIP security threats -- as they are for any technology implementation. When enterprises move to replace legacy PBX systems with VoIP, they tend to look for performance and quality of service (QoS) first, thinking of security as an afterthought, if at all. This is a mistake: telephony is a business-critical application, and any insecure converged network represents a significant security risk. Mis-configurations, partially completed implementations, and not abiding by known standards of risk mitigation will be attributed as the cause of most compromises.

Service providers are in a virtual land grab for VoIP market share. As a result, the risks are often overlooked and security is rarely even mentioned in most service descriptions and FAQs about service offerings. It is important for service providers to look into potential risks and address them, and for enterprise and government organizations looking for VoIP services to ask questions. Subscribers and prospective subscribers should not only be asking about service availability, but also about what steps the service provider has taken to secure that service.

There is no sole owner of responsibility here. Vendors must secure their applications and platforms and provide guidance. Governing bodies must provide leadership, and those who implement must be sure to abide by guidelines and continue to develop and brand secure solutions. End users are also responsible for educating themselves and buying the products and services from the vendors who have the best security postures for their solutions.

As converged networks grow in strategic importance, concerns about security should be top of mind for vendors and customers. As long as security is given utmost importance, VoIP systems can be made at least as secure as PBXs and the public switched telephone system.

Bottom Line
Security risks in VoIP networks are real, and network architects need to understand that a single attack to a VoIP network can simultaneously shut down both data applications and phone service, causing significant impact to business. Companies need to take responsibility for securing their VoIP networks today.


Send Comment

 

Subscribe   About Us   Archives   Editorial Opportunities
Advertising Opportunities   Advertisers   Sponsors

© 2005, All information contained herein is the sole property of Pipeline Publishing, LLC. Pipeline Publishing LLC reserves all rights and privileges regarding the use of this information. Any unauthorized use, such as copying, modifying, or reprinting, will be prosecuted under the fullest extent under the governing law.