Security Over VoIP - The Price YOU Pay for VoIP.

Utilising the existing data infrastructure for voice communication exposes the VoIP systems to traditional treats known from IT and networking. When endpoints and servers fall prey to attacks coming from the IP network, they may become infected with Worms, Trojans and Viruses. It is only a matter of time before the first Trojans specialised for VoIP equipment will appear. These can lead to the degradation of VoIP, with the bugs promulgating themselves to servers in the data network, causing damage to data storage and major changes in configuration and routing protocols. Such attacks can carry serious consequences such as immobilising the phone system and data network. Your VoIP equipment may be used by Trojans to make calls on behalf of you without you knowing it.

As a result of its ability to deliver corporate applications and processes across several tangible locations and geographic boundaries, IP networking is vulnerable to hackers, cyber felons and resentful employees who abuse their positions.

Identity Theft
Common threats such as Identity Theft can be easily carried out when adequate security mechanisms do not exist in the system or when these sensitive information is kept in servers where formats can be reversed and accessed illegally. This form of attack usually creates a large amount of stress and disturbance to administrators and companies. Confidential information such as passwords and usernames can be retrieved and misused for personal and economic gains. Installing multiple layers of defense measures, application layer gateways and maintaining current patch levels will reduce the number of attackers successfully gaining unauthorised access.

Eveasdropping
The other most talked about threat in VoIP implementation is Packet Sniffing. Unsecured VoIP communication is vulnerable to it and can be easily intercepted. During communication, data travels as packets on networks and these are transmitted through a number of routing points to reach its destination. If it is possible for the “Bad Guy” to reroute your data packets through a machine he controls then copying the packets is quite easy. Unsuspecting users may divulge usernames, passwords, billing information and other confidential business and personal information.

Encrypting data sent and retrieved is one proposed method to stop eavesdroppers while providing a secure platform for confidential discussions. One effective approach is to use a secured VoIP solution such as [ClosedTalk] that allows users to converse with confidence and ease through its secured architecture and authentication.

Identity Theft
In the instance of such a fraud, international calls are usually made by an unauthorised third party making outbound calls using legitimate details and passwords. In USA alone, the losses are estimated to be in excess of billions. Some of the most frequently used methods of toll fraud are through accessing free hotlines, voice mail penetration, PBX manoeuvre, port tampering, remote access misuse, staff or operator deception. To combat toll fraud, one of the key security applications that companies have to instil in the employees, are discipline and education. It is important to stress the importance of keeping authorisation codes confidential and constantly updating them.
© 2008 CE-Infosys Pte Ltd. All rights reserved