I must admit, I frequent the New York Times technology section. No, not for the engaging technical news, but for the good technology business-related info. Occasionally, I'll stumble across some interesting security-related topics, and today was one of those days.
A story by Eric Taub entitled "Looking at VoIP System Security" captured my eye. I must admit that I never really considered that VoIP would be a tasty target for hackers, and after some reflection, I realized how much of a bonehead I was.
It's no fun having your credit card data sniffed off your Ethernet segment, but can you imagine all of your phone conversations being sniffed as well if you're a VoIP shop or you use Vonage at home?
Taub's article focused on how the big VoIP players, like Avaya, Cisco, and Nortel, are downplaying the need for a comprehensive security solution from a vendor called VoIPShield Systems. Major VoIP shops claim that VoIPShield is shamelessly self promoting and possibly even overstating the security threats. Taub quotes Avaya's reaction to the threat: "The vulnerabilities are of moderate to low impact, and may be avoided entirely in some cases with proper configuration on the user side."
That doesn't sound like overstating the security threat to me. To me, that's admittance that there are indeed security issues to be addressed. A few Google searches reveal that VoIP security is indeed a well-researched topic by security gurus and hackers alike, and there's no shortage of well-discussed VoIP hacks and hack tools out there in the community.
So maybe there is a need for a "VoIP Firewall" of sorts. Today, we expect our digital data to be stolen at some point, but for some reason we feel that our voice traffic is always safe and anonymous. But the reality is that our VoIP traffic is not safe, and just ask the federal government how tough it is to get access to that POTS line you're talking on at home.