While many issues remain unsettled in the area of VoIP (voice over internet protocol) technology, IT security experts believe that it could be the next major target for various attacks.
During his presentation in the recent MediaConnect security forum, Nigel Stewart, McAfee regional sales manager for Southeast Asia and India, said that although no high-profile cases have been recorded yet, VoIP would eventually become the target for hackers and malicious code writers.
VoIP is a category of hardware and software that enables its users to utilise the internet as the transmission medium for telephone calls. Voice data is sent in packets rather than by traditional Pots (plain old telephone system) circuits.
One advantage of VoIP is that the telephone calls over the internet do not incur a surcharge beyond what the user is paying for internet access, much in the same way that the user doesn't pay for sending individual emails over the web.
“Its growing adoption from both the business and consumer side will make [VoIP] attractive for exploitation,” Stewart added.
McAfee believes that VoIP attacks would most likely take advantage of the various layers of the technology such as the transmission layer or hardware devices used to make calls.
“For the moment, VoIP security does not appear to be at the forefront of IT managers' minds,” said Stewart. “But it is definitely something people should consider and be prepared for.”
On the other hand, VoIP is also vulnerable to becoming a target for spammers, added Andy Lake, MessageLabs director of partners.
Both experts believe that VoIP is still pretty much a closed structure since almost no company exposes their VoIP system to the internet. However, by the time companies start publicising their SIP (session initiation protocol) addresses used in VoIP communications on business cards and websites, security will become essential.
“I really don't think people should be deploying VoIP unless they have the necessary security in place,” said Lake “Even if I haven't heard about any of these abuses actually happening, eavesdropping from a competitive advantage standpoint could be a major disadvantage for any user.”
Experts recommend the use of such security appliances as firewalls that are specifically designed to filter VoIP traffic for suspicious patterns and drop those connections.
IT managers should not assume that because their data networks are protected, adding voice to their systems will be secure, as well.
“Administrators may mistakenly assume that since digitised voice travels in packets, they can simply plug VoIP components into their already-secured networks and remain secure,” said Stewart. “However, the process is not that simple.”
“It would be good if in addition to installing specific products that can weed out suspicious VoIP traffic, companies should consider how their VoIP networks play in their overall security efforts, said Matthew Guide, Sales Director for Asia Pacific at SurfControl, a web and email filtering provider.
For more information, our sister site Techworld has a comprehensive VoIP resource page.