Data centers

01:02 AM
Connect Directly
Facebook
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

VoIP's Real Security Threat

Reading about the Asterisk vulnerability that was announced yesterday along with Edwin Pena's $1 million VoIP scam might give one the impression that today's corporate VoIP networks are at serious risk. Nothing could be further from the truth....

Reading about the Asterisk vulnerability that was announced yesterday along with Edwin Pena's $1 million VoIP scam might give one the impression that today's corporate VoIP networks are at serious risk. Nothing could be further from the truth. The reality is the vast majority of corporate VoIP networks would be invulnerable to the types of threats and the scams played by Pena and Moore. Those attacks hinged on being able to terminate VoIP calls on a service provider's VoIP network. Yet most companies only receive, and place, calls through PSTN gateways. VoIP trunks are far and few between precisely because of the inability to identify and sandbox incoming callers.

The same holds true for the Asterisk vulnerability. While significant the attack didn't get me terribly worried about the security of corporate voice networks. Aside from the fact that Digium patched the vulnerability quickly, most companies will be protected from external hackers precisely because firewalls will prevent external calls.

What did alarm me though was the weaknesses in underlying data network security. Pena and Moore could pull off their nefarious deeds by passing calls through open ports on many corporate networks, enabling them to steal administrator names and passwords to the routers.

Here lies the real threat to today's corporate VoIP deployments. Until data networks are adequately secured and protected no amount of VoIP security will save companies from attack.

Comment  | 
Print  | 
More Insights
Cartoon
Hot Topics
6
VMware NSX Banks On Security
Marcia Savage, Managing Editor, Network Computing,  8/28/2014
4
Real-World SDN, Lesson 2: Conquer The Enemy Within
Symon Perriman, Senior Technical Evangelist, Microsoft,  8/25/2014
3
How To Survive In Networking
Susan Fogarty, Editor in Chief,  8/28/2014
White Papers
Register for Network Computing Newsletters
Current Issue
2014 Private Cloud Survey
2014 Private Cloud Survey
Respondents are on a roll: 53% brought their private clouds from concept to production in less than one year, and 60% ­extend their clouds across multiple datacenters. But expertise is scarce, with 51% saying acquiring skilled employees is a roadblock.
Video
Slideshows
Twitter Feed