Security: March 2007 Archives

More VoIP Security Hype Nonsense

By Rick McCharles on March 5, 2007 2:30 AM | | TrackBacks (1)
An article posted on March 05, 2007 in COMPUTERWORLD has for a title:

"Enterprises must avoid IP telephony for teleworkers or face attack" Link Here

According to this article, allowing Teleworkers to work with VoIP will expose your enterprise to a multitude of dire consequences such as:
  • Hackers stealing usernames and passwords
  • Placing users vulnerable to a very real attack
  • Hackers recording conversations
  • Hackers gaining access to your online banking
Whatever the motivations for these sensationalist articles, they do nothing to educate the public about the real risks associated with VoIP and how to mitigate them.

Avoid IP Telephony for Teleworkers? Sure, ignore one of the most important benefits of IP Telephony in case some evil VoIP hacker posts all of your private conversations on CNN, empties all of your bank accounts and bankrupts your organization!

The fact is, that VoIP can be, and is routinely, deployed and used securely; even by Teleworkers, imagine that.

There are risks associated with VoIP and IP Telephony. For enterprise most of these risks are associated with network infrastructure. If an enterprise's security policy and implementation is full of holes, then it is vulnerable to attack not only for VoIP but all the other applications that run over the infrastructure including email. How many companies encrypt their email? Very few, yet we're not bombarded with a constant stream of doom articles on how corporate email is at serious risk and we should prevent remote employees from using it!

In almost every instance, the VoIP sky-is-falling articles are not able to produce even a single documented event that demonstrates how a particular vulnerability was exploited.

As usual, I make the distinction between Consumer based VoIP services and Enterprise-Class IP Telephony. The former has the potential for more security concerns and weaknesses.

On the enterprise side, there are plenty of sources that describe best-practices and tools to deploy VoIP securely:

- A PDF Document by Juniper
- VOIPSA (An organization dedicated to VoIP security without the hype)

A Google search on the subject will yield hundreds of related sources.

Perhaps the authors contributing to all this hype should also do a little research.

Rick McCharles
www.ric.ca


StumbleUpon ToolbarStumble It!
Main Index | Archives | Security: November 2007 »

About this Archive

This page is a archive of entries in the Security category from March 2007.

Security: November 2007 is the next archive.

Find recent content on the main index or look in the archives to find all content.

Security: March 2007: Monthly Archives

RIC Services
Powered by Movable Type 4.01