iTnews
  • Home
  • Features
  • Technology
  • Security

Debate: IP telephony is insecure and cannot be used in an organisation’s infrastructure just yet

By Tim Keanini on Dec 9, 2005 5:21PM
Debate: IP telephony is insecure and cannot be used in an organisation’s infrastructure just yet

FOR - Tim Keanini, CTO, nCircle

With most VoIP systems, email and voicemail are housed in the same Exchange server. Prior to VoIP, an attacker would have to have knowledge of a specific vendor's firmware or software. This platform presents a familiar face to the attacker and for the less skilled, exploit tools are widely available.

Wire tapping, or unlawful intercept, has also become easier with VoIP. No physical access is needed, the target faces a globally connected threat. These bits flow as freely as web traffic.

Another problem with IP telephony is that most VoIP vendors seem to believe that security is for others to solve. The typical response is to recommend that VoIP be put behind a firewall, or on an isolated network. But this isn't feasible with converged networks. So security comes second to functionality and is seen as a feature and not a fundamental.

VoIP might not be considered safe, but what complex system is safe? The threat is opportunistic and won't focus on VoIP until it is the best means to attack. In order to manage this risk, you need network intelligence. Only then can you realise the benefit of IP telephony.

AGAINST - Ian Shepherd, solutions manager, Telindus

Any technology that offers major benefits is open to attack if it is adopted without considering the security implications. Much has been written about how an IP telephony infrastructure could be attacked. But its security has one important thing going for it, hindsight! Expertise and experience in securing data networks that has been painfully built up in the past 15 years can be applied to voice networks.

We have the technology to contain threats, and with the work of the US National Institute of Standards and Technology (NIST) and the VoIP Security Alliance (VoIPSA) we can stay ahead of the game.

VoIP can be done securely, but firms must proceed cautiously and not assume that the components are just peripherals on the Lan. Keep in mind also VoIP's unique requirements, acquiring the right hardware and software to secure VoIP is crucial. The recommendations made by NIST, VoIPSA and vendors are mostly extensions of existing security practices and should not surprise any company that already takes its data and voice security seriously.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
anandbecannotdebateininfrastructureinsecureipisjustorganisationssecuritytelephonyusedyet

Partner Content

Avoiding CAPEX by making on-premise IT more cloud-like
Promoted Content Avoiding CAPEX by making on-premise IT more cloud-like
How to turn digital complexity into competitive advantage
Promoted Content How to turn digital complexity into competitive advantage
Accenture and Google Cloud team up to create a loveable, Australian-first, renewable energy product
Promoted Content Accenture and Google Cloud team up to create a loveable, Australian-first, renewable energy product
Why Genworth Australia embraced low-code software development
Promoted Content Why Genworth Australia embraced low-code software development

Sponsored Whitepapers

Extracting the value of data using Unified Observability
Extracting the value of data using Unified Observability
Planning before the breach: You can’t protect what you can’t see
Planning before the breach: You can’t protect what you can’t see
Beyond FTP: Securing and Managing File Transfers
Beyond FTP: Securing and Managing File Transfers
NextGen Security Operations: A Roadmap for the Future
NextGen Security Operations: A Roadmap for the Future
Video: Watch Juniper talk about its Aston Martin partnership
Video: Watch Juniper talk about its Aston Martin partnership

Events

  • Micro Focus Information Management & Governance (IM&G) Forum 2022
  • CRN Channel Meets: CyberSecurity Live Event
  • IoT Insights: Secure By Design for manufacturing
  • Cyber Security for Government Summit
  • Forrester Technology & Innovation Asia Pacific 2022
By Tim Keanini
Dec 9 2005
5:21PM
0 Comments

Related Articles

  • Collins Foods puts IT focus on security controls, cloud services
  • Ukrainian cyber resistance group targets Russian power grid, railways
  • Queensland's CS Energy has its corporate systems infected by ransomware
  • Cyber incident takeover powers reintroduced to parliament
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Qantas calls time on IBM, Fujitsu in tech modernisation

Qantas calls time on IBM, Fujitsu in tech modernisation
Researchers hacked Oracle servers to demo serious vulnerability

Researchers hacked Oracle servers to demo serious vulnerability
PayTo rollout kicks off

PayTo rollout kicks off
Australian scientists build world's first quantum computer IC

Australian scientists build world's first quantum computer IC

Digital Nation

COVER STORY: Operationalising net zero through the power of IoT
COVER STORY: Operationalising net zero through the power of IoT
Integrity, ethics and board decisions in the digital age
Integrity, ethics and board decisions in the digital age
IBM global chief data officer on the rise of the number crunchers
IBM global chief data officer on the rise of the number crunchers
Crypto experts optimistic about future of Bitcoin: Block
Crypto experts optimistic about future of Bitcoin: Block
The security threat of quantum computing
The security threat of quantum computing
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.