Tuesday, November 21, 2006 | MANILA, PHILIPPINES
News
Voice over Internet Protocol (VoIP) service providers and enterprises should take steps to minimize security risks before the technology is more widely deployed, market analysis and consulting company Ovum PLC said in a recent statement.
Most organizations are either new to IP telephony or are still considering adopting it. Their primary concern has been voice quality and functionality.
Only a few have considered security issues. When they have, they are usually preoccupied with just disclosing sensitive information in phone calls or with unwanted marketing calls.
The risks, however, are very real. "We do not know which threats will become critical in VoIP or how long the process will take, but it would be foolish to ignore them," the statement quoted Ovum principal analyst and security expert Graham Titterington as saying.
Two areas are mainly at risk, namely: the integrity of IP telephony systems and the data systems to which they are connected. Internet attacks on data networks can attack the VoIP network since, with VoIP, telephony and data systems share the same network.
Specific risks that threaten VoIP include:
- spam, whereby mechanically replicated voice messages could flood the systems and inundate users;
- phishing, or using voice spam to obtain personal information such as bank details;
- toll fraud, where premium calls are made to a number that benefits the hacker; and
- denial of service attacks, which prevent the use of services such as the telephony service.
Because of their lack of awareness of such issues, current users do not demand increased security in VoIP products and services. Hence, security improvements are being driven by just the supply side of the industry, namely: the vendors and IP telephony service providers.
"Vendors are pushing their existing security products to businesses, but these products focus on the public Internet, which is not normally a component of enterprise VoIP networks," Mr. Tittering-ton said. "In the process, they fail to meet the most urgent security requirements of enterprises and do not address the specific risks of using VoIP over the corporate intranet."
"What vendors and businesses need to focus on is protecting the gateway from traditional IP network attacks such as voice spam and toll fraud attacks" he says. "Enterprises must establish what place there is for VoIP in their activities and start building up defenses using filtering technologies now."
Mr. Titterington believes that VoIP service providers should take the leadership in securing IP telephony services, whether they provide public VoIP services or manage such services for enterprises. "The service providers are the role models that enterprises with their own internal VoIP services look up to," he said.
No comments:
Post a Comment