Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Your Five Biggest Network Vulnerabilities: Page 4 of 5

Voice over IP: For all of the potential points of attack on enterprise networks, it's sobering to think that the technological push for Voice over IP [VoIP] has added one more. And it's a vulnerability whose scale we haven't even begun to consider.

"It's a vulnerability waiting to happen," Slaby says. "The only reason why we have seen more news of VoIP exploits is that the technology hasn't yet been that widely deployed."

But VoIP is picking up steam, and with it will come an amazing rash of attacks, Slaby says. "There are a ton of things waiting to happen," he says. "Because it's running on a data network, your IP phone system is vulnerable to all the same kinds of attacks as the rest of the network."

And it's vulnerable to a few more of its own, besides. "Man-in-the-middle attacks, IP telephony spam (dubbed "spit" for "spam over IP telephone"), impersonation attacks to use the phone system for free or to steal personal information --- all of these will soon be commonplace if VoIP security doesn't match the pace of VoIP adoption.

"We'd better be shoring-up traditional data defenses before we depend on VoIP." Slaby warns. "But there isn't anywhere near the awareness that there needs to be. Just as Slammer and Blaster drove the intrusion prevention system market, I'm afraid that there's going have to be something very big to raise awareness of VoIP security."