VOIP is definitely a cost effective way to manage communications, both for business and personal use alike. As with many other things in life, though, VOIP does have some downsides to it. Jim Higdon writes a very information article on the top security threats for VOIP this year. Here is his list â€“ complete with explanations as to why they have predicted these items as part of the top VOIP security threats for 2008:
1. DoS (denial of service) Attacks on VoIP Networks: This has been a concern for the IEEE (Institute of Electrical and Electronics Engineers) since 2006, and VoIP watchers have been concerned about DoS attacks for the past year. DoS attacks can overwhelm your company’s phone lines, creating long-term busy signals, forced call disconnects and an exhausted work force.
2. VoIP Eavesdropping: In June 2007, it was learned that a hacker with a packet sniffer and VOMIT could tap directly into VoIP calls. Then it was learned that those vulnerabilities could also lead to DoS attacks. â€œAnyone on your network,â€ stated an article found at EnterpriseVoIPPlanet, â€œanyone on other networks that you contact â€” and all points in between, including service providers â€” all have the opportunity to do an awful lot of juicy snooping.â€ Not to mention, of course, that the FBI and other security agencies can do all the VoIP snooping that they want. How do you prevent unwanted listeners on your VoIP calls? Place all VoIP phones on separate, secured vLANs to protect against rogue devices, then protect that vLAN against the introduction of unauthorized devices. Once you’ve isolated your VoIP devices, limit their inbound and outbound traffic so that they can only communicate with their call manager, encrypt the calls that travel over public networks, and watch the news and get ready to react, according to SearchSecurity.com.
Let’s cut this short for now – I’ll post the other points in the next entry.