VoIP security threats -- The new world

Part of the problem for the VoIP implementer is that legacy TDM PBXs and phones have very few security problems. Not only is security strong, but the user is also used to a high level of privacy. The primary security issues for TDM-based PBX systems were toll fraud and tampering with feature/function privileges and restrictions. Both of these problems have been significantly reduced in the past several years.

What makes VoIP security different?
TDM analog and digital phones are dumb. The PBX contains all of the intelligence and is essentially a closed system. This is not true for VoIP. The call server is more easily accessed and gateways and IP phones are software based rather than hard-wired. The softphone is no more secure than any other PC application. VoIP has opened voice devices to more security problems and attacks than encountered in TDM-based environments.

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT VoIP QoS and VoIP Security VoIP implementation study guide How will VoIP impact the quality of phone calls on our network? How does one cope with echo in a VoIP-enabled network? What's the best way to use an echo canceller? Does implementing VoIP security affect the QoS? How would one handle it, if it does? IBM, Avaya deals signal IP telephony quality control's coming of age Ensuring voice and video quality about more than watching packet flows Security concerns for enterprise Skype VoIP service selection: MPLS, VPLS or Metro Ethernet? Microsoft's Real-Time Codec (RTC) for VoIP optimization Disaster and recovery in the VoIP/IPT RFP Unified Communications Tech Tip The significance of Avaya's Aura UC buyers should look for SaaS-based UC offerings in 2009 Using the iPhone in the enterprise? Social networking and discussion forums for the enterprise Streaming Cisco's IP Communicator to an HP thin client Demystifying unified communications deployment strategies Presence management and security Presence: SIMPLE versus XMPP Four factors driving videoconferencing Consider IBM Lotus SameTime for UC, not just Microsoft OCS

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary vishing  (SearchUnifiedCommunications.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

Security personnel have to broaden their perspective in response to VoIP's security problems. There will be security issues with the server. Many of the new threats will relate to the phones and gateways. The attack or threat may appear to be the same as that found in data security, but the results will be different. Many of the threats will be generated behind the firewall by internal employees, individuals who are on site temporarily, and contractors. Some threats are not really attacks but are caused by negligence or abuse.

The threats can be variations of those found in data networks or can be specific to VoIP. Here are some of the security threats found in IP-based telephone networks:

In the next two tips, the tools and methods for testing your VoIP/IPT vulnerability will be explored. The last tip will discuss the countermeasures available to protect against and mitigate these threats.

About the author:
Gary Audin has more than 40 years of computer, communications and security experience. He has planned, designed, specified, implemented and operated data, LAN and telephone networks. These have included local area, national and international networks, as well as VoIP and IP convergent networks, in the U.S., Canada, Europe, Australia and Asia.

Rate this Tip To rate tips, you must be a member of SearchUnifiedCommunications.com. Register now to start rating these tips. Log in if you are already a member. DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.