Securing VoIP networks has long taken a back seat to numerous other corporate IT priorities because while threats to these systems are known, there has yet to be a high-profile exploit to demonstrate the need for VoIP security. But times are changing. In the summer of 2006, two men were caught illegally routing calls over service provider Net2Phone's VoIP network. Also last year, the first VoIP phishing scam was launched that directed e-mail recipients to call an 800 number connecting them with a VoIP system that spoofed their bank and stole their personal information. While these examples represent minor pain compared to the wide-spread damage that worms, viruses, and other attacks have caused in the e-mail, Web, and instant-messaging worlds, they illustrate the point that VoIP security needs to be taken seriously. "Most organizations are too complacent and not placing the proper focus on protecting their VoIP systems," says Lawrence Orans, a research director at Gartner. The major threats to VoIP are not so different from those that plague the data world; denial-of-service (DoS) attacks, viruses, spam, and spoofing. But there are a few unique threats to the voice world, such as eavesdropping. Accordingly, securing VoIP traffic is not unlike protecting data traffic, except that there are vastly fewer companies and products focusing on the voice component at this point in time. Firewalls, intrusion-prevention systems, and other security elements that have become standard components of data networks are still emerging for VoIP, despite the rapid adoption of the underlying VoIP technology; IDC says VoIP expenditures hit $2.9 billion last year, and are expected to grow to $6.9 billion by 2011. "Security products need to understand voice protocols," says Mark Bornstein,manager of security marketing with Cisco. "We have to supply the same security standards to all types of traffic." While enterprises can't yet rely on most of today's data-centric security products to protect their voice traffic, security offerings specifically designed for VoIP are emerging. Cisco's Adaptive Security Appliance, for example, offers firewall, intrusion prevention, and content filtering features for traffic that uses a number of voice protocols, including Session Initiation Protocol (SIP) and Skinny Client Control Protocol (SCCP), Cisco's proprietary protocol. Other IP PBX makers, including Nortel, Avaya, 3Com, and others, also sell security devices that sit in front of their voice equipment to protect that traffic. Additionally, there's a growing market for third-party VoIP products. Companies including Sipera, Ingate, SecureLogix, Borderware, CheckPoint, and others make SIP firewalls, although Gartner's Orans says most enterprises are not yet using SIP,depending instead on the proprietary protocols that their IP PBX equipment vendors offer and their related security equipment. Another market that's forming around VoIP security is session border controllers, which enable two different VoIP providers to connect their networks, and often add security measures such as authentication and encryption to voice traffic. These products from companies such as Covergence, NexTone, Acme Packet, Ditech Communications, and others, are considered particularly useful for companies looking to deploy VoIP outside of a single domain. In addition to deploying VoIP-specific security products, enterprises can protect their IP telephony systems by ensuring that these, as well as their existing data networks, operating systems, and applications, follow best practices in security. "You have to apply the same hardening strategy [to VoIP networks] as you do to a normal data network," says David Endler, chairman of the VoIP Security Alliance and director of security research for TippingPoint. "But you can't have blinders on to just the VoIP system, you have to look at your entire environment." Basic steps such as changing default passwords on all software ? including products that may not seem related to the VoIP network but can affect it, such as third-party management tools ? as well as applying operating system patches in a timely fashion can help protect enterprises from VoIP threats, says Endler. Also, architecting networks so that VoIP traffic is segmented from the data network by a firewall can prevent an intruder or malware that penetrates one virtual LAN from getting at the other. Implementing quality-of service (QOS) policies that prioritize certain types of traffic is essential for VoIP networks, Endler says. In the case of a DoS attack or other such event that impacts network performance, VoIP traffic will be most sensitive to degradation that could render the voice network unusable. "VoIP applications really take some of the existing security threats inherited from the data network world and expand the severity because VoIP is just like any other data application, except that it's very unforgiving," Endler says. Since VoIP security is still a relatively new concept and not thoroughly understood by IT departments, many are turning to VoIP security assessments by third parties to help identify weaknesses and reinforce systems. Assessments are available from a number of service providers including Verizon Business, AT&T, and Sprint, as well as a host of testing companies. While these assessments can run in the tens of thousands of dollars, that cost pales in comparison to the toll of becoming the victim of a high-profile VoIP exploit.
Most Popular Reviews
- 1 LG 2017 OLED TV range full review: W7 Signature Wallpaper, G7, E7 and C7 UHD TVs
- 2 Subaru XV 2017 review
- 3 Samsung 2017 QLED Q7 TV: Full, in-depth review
- 4 Kogan Atlas UltraSlim Pro laptop: full, in-depth review
- 5 Gigabyte Aorus GA-AX370-Gaming 5 AMD Ryzen AM4 motherboard review
Latest News Articles
- MSI Wins Computex Best Choice Award 2017 for a Record-Breaking 5 Products
- How to take screenshots in Windows 10
- The Pi Desktop kit transforms your Raspberry Pi into a stylish, SSD-powered mini-PC
- The Full Nerd episode 23: AMD Threadripper vs Intel Core i9, Radeon Vega is here(ish)
- Microsoft shows the power of its Pen with a new Whiteboard app and other upgrades
PCW Evaluation Team
A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.
I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.
As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.
I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.
Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!
For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.
- LG 2017 OLED TV range full review: W7 Signature Wallpaper, G7, E7 and C7 UHD TVs
- Huawei P10 smartphone review
- Huawei P10 Plus phone: Full, in-depth review
- Which flagship TV is best? Sony 4K HDR Bravia 2016 versus LG 4K HDR OLED 2016
- 10 Blu-ray movies / Best looking Blu-ray movies
- FTSocial Media Executive / Specialist (Facebook) - online gamblingNSW
- CCInfrastructure EngineerACT
- FTiOS DeveloperNSW
- CCSAP ISU Functional ConsultantVIC
- TPICT Customer Support OfficerNSW
- FTRelease / Implementation ManagerSA
- FTSenior Java DeveloperVIC
- FTGraduate Technical ConsultantACT
- FTApplication System EngineerACT
- TPDelivery Coordinator - ProjectsQLD
- FTBusiness Development Manager IT Software & Primary HealthcareQLD
- CCJava / J2EE DeveloperVIC
- FTSolution ArchitectNSW
- FTSoftware DeveloperQLD
- FTTechnology Project ManagerNSW
- TPProject ManagerVIC
- FTEnterprise Architect - Technology and StrategyQLD
- CCCommercial ManagerVIC
- FTSenior Support EngineerNSW
- FTSolution Architect - NetworksVIC
- FTJunior-Mid Level Implementation CoordinatorQLD
- FTDevOps EngineerNSW
- TPAEM DeveloperNSW
- FTSystem AnalystNSW
- FTSQL BI Report DeveloperQLD