Careers & Certifications

01:23 AM
Randy George
Randy George
Commentary
Connect Directly
LinkedIn
RSS
E-Mail
50%
50%

Hacking VoIP

I must admit, I frequent the New York Times technology section. No, not for the engaging technical news, but for the good technology business-related info. Occasionally, I'll stumble across some interesting security-related topics, and today was one of those days....

I must admit, I frequent the New York Times technology section. No, not for the engaging technical news, but for the good technology business-related info. Occasionally, I'll stumble across some interesting security-related topics, and today was one of those days. A story by Eric Taub entitled "Looking at VoIP System Security" captured my eye. I must admit that I never really considered that VoIP would be a tasty target for hackers, and after some reflection, I realized how much of a bonehead I was. It's no fun having your credit card data sniffed off your Ethernet segment, but can you imagine all of your phone conversations being sniffed as well if you're a VoIP shop or you use Vonage at home?

Taub's article focused on how the big VoIP players, like Avaya, Cisco, and Nortel, are downplaying the need for a comprehensive security solution from a vendor called VoIPShield Systems. Major VoIP shops claim that VoIPShield is shamelessly self promoting and possibly even overstating the security threats. Taub quotes Avaya's reaction to the threat: "The vulnerabilities are of moderate to low impact, and may be avoided entirely in some cases with proper configuration on the user side."

That doesn't sound like overstating the security threat to me. To me, that's admittance that there are indeed security issues to be addressed. A few Google searches reveal that VoIP security is indeed a well-researched topic by security gurus and hackers alike, and there's no shortage of well-discussed VoIP hacks and hack tools out there in the community.

So maybe there is a need for a "VoIP Firewall" of sorts. Today, we expect our digital data to be stolen at some point, but for some reason we feel that our voice traffic is always safe and anonymous. But the reality is that our VoIP traffic is not safe, and just ask the federal government how tough it is to get access to that POTS line you're talking on at home.

Randy George has covered a wide range of network infrastructure and information security topics in his 4 years as a regular InformationWeek and Network Computing contributor. He has 13 years of experience in enterprise IT, and has spent the last 8 years working as a ... View Full Bio
Comment  | 
Print  | 
More Insights
Cartoon
Slideshows
Audio Interviews
Archived Audio Interviews
Jeremy Schulman, founder of Schprockits, a network automation startup operating in stealth mode, joins us to explore whether networking professionals all need to learn programming in order to remain employed.
White Papers
Register for Network Computing Newsletters
Current Issue
Video
Twitter Feed