VoIP security issues to the fore in 2007

The new year could ring in increased security threats for VoIP deployments because as VoIP gains more traction security analysts are expecting more vulnerabilities to surface, which will encourage development of VoIP-specific defense and diagnostic tools.

The SANS Institute recently included VoIP among the top 20 internet targets that are at risk from attack. At the same time there exists a school of thought that believe internet telephony is more secure even though it is at risk of DoS attacks, network eavesdropping and call manipulation. The contention of this group, which includes Richard McLeod director of unified communications for worldwide channels at Cisco Systems, San Jose, Calif, is that the risks associated with VoIP are those of network security and not telephony specific.

VoIP related security problems can be nipped in the bud by careful configuration. An important precaution is to let only a select few access the VoIP call processor. Only the call manager and some XML application servers should be allowed access to the VoIP phones.

Recently we revealed that up to 70% of all calls made over the internet, and calls to / from remote call centers, are under threat of attack due to poorly implemented or non-existent network security.