The only publication dedicated to OSS Volume 2, Issue 3 - August 2005 |
|
So Whose Problem is it? Lack of awareness and flawed implementations are perhaps the biggest VoIP security threats -- as they are for any technology implementation. When enterprises move to replace legacy PBX systems with VoIP, they tend to look for performance and quality of service (QoS) first, thinking of security as an afterthought, if at all. This is a mistake: telephony is a business-critical application, and any insecure converged network represents a significant security risk. Mis-configurations, partially completed implementations, and not abiding by known standards of risk mitigation will be attributed as the cause of most compromises. Service providers are in a virtual land grab for VoIP market share. As a result, the risks are often overlooked and security is rarely even mentioned in most service descriptions and FAQs about service offerings. It is important for service providers to look into potential risks and address them, and for enterprise and government organizations looking for VoIP services to ask questions. Subscribers and prospective subscribers should not only be asking about service availability, but also about what steps the service provider has taken to secure that service. Bottom Line
© 2005, All information contained herein is the sole property of Pipeline Publishing, LLC. Pipeline Publishing LLC reserves all rights and privileges regarding the use of this information. Any unauthorized use, such as copying, modifying, or reprinting, will be prosecuted under the fullest extent under the governing law. |