Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Security Honeymoon Over For VoIP

Last month's FBI arrest of a man in Miami for allegedly hacking into the networks of Internet service providers has ushered in a new era for voice over IP technology (VoIP).

Naturally, VoIP inevitably was going to have to deal with the same type of security concerns that other data networks have faced. But the security space moves fast, and in recent months VoIP security has gone from an impending issue to a top-of-mind problem for vendors, VARs and users.

The Miami case, in which the alleged offender is accused of tapping into IP telephony networks to fraudulently sell more than 10 million minutes of calls, represents an escalation from simple denial- and loss-of-service threats to more serious theft-of-service attacks. Commenting on the case, Nemertes Research said that "converged networks lead to converged threats," and that such attacks are likely to continue, if not become more prevalent.

VoIP has been enjoying the "honeymoon" period during which attackers familiarize themselves with a new technology, but that honeymoon is now over, Nemertes says. As far back as 2002, Nemertes predicted four emerging stages of security threats in voice technologies: denial and loss of service; theft of service and toll fraud; eavesdropping; and social engineering through spoofing. The Miami case shows us to be halfway through those projections.

Many of VoIP's security problems arise when -- just like with other data networks -- organizations don't enforce policies or users aren't following them diligently enough.

  • 1