VOIP Security Poses a Problem

CHICAGO Supercomm 2004 – Security has always been a major headache for telecom data centers, but the emergence of VOIP could make this worse, according to experts attending this year’s Supercomm event in Chicago.

As opposed to traditional telecom networks, which use circuit switches to transfer calls, IP-based VOIP networks rely heavily on enterprise data gear. Running VOIP across routing and switching equipment means that ports are often left open to allow the passage of VOIP traffic, which could expose backend data center servers to security threats such as viruses and denial-of-service attacks.

“In a more VOIP-oriented business, your ports are open all the time, so you have the potential for receiving errant packets that cause network disruption,” says Tom Gage, senior vice president and general manager of VeriSign Inc. (Nasdaq: VRSN).

Gage says that many telecom firms have yet to develop the skills required to tackle this problem. “Traditional carriers don’t have many skills when it comes to addressing the security issues in a VOIP environment.”

Security vendors like TippingPoint Technologies Inc. and Check Point Software Technologies Ltd. (Nasdaq: CHKP) are addressing some of these issues within their product families, but it appears that telecom firms could have their work cut out (see Vendor Points to VOIP Vulnerabilities).