Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Friday, June 10, 2005

Keeping Voice Safe in the New Converged

Converged voice and data systems are now a reality.  They are bringing a myriad of benefits to customers - ranging from efficient use of bandwidth to enhanced scalability, cost reductions and improved productivity.  One of the most significant is the way in which the threat to systems security and in particular to the integrity of voice communications has changed.

Companies can now operate a wide range of applications over a single network platform including unified messaging, video conferencing, and flexible remote access.  Before the advent of convergence, voice traffic was relatively secure in the protective proprietary operating environment of the customer’s PABX.

Now, however, it is typically just another generic server type platform within a company’s data system and, as such, subject to the same risks that affect the data environment as a whole including worms, viruses and password attacks.  With an old-fashioned TDM PBX switch an intruder would typically have to have physical access to the phone line itself in order to attach a bugging device and eavesdrop on calls.  Now, just by penetrating the VoIP gateway, he may place the voice conversation itself under threat not just from straightforward listening in, recording and replaying but even in some cases call redirection.

Voice over IP (VoIP) remains a relatively new development, critical security vulnerabilities are being identified all the time, leaving systems at risk from a broad range of potential attacks, leading to possible ‘denial of service’.  In spite of these continued threats, there is still some naivety about the sensitivity of the marketplace to voice performance and voice resilience.

Perhaps even more alarmingly the availability of the IP network itself could be at risk, threatening the ability of an organisation to communicate via either voice or data.

And many of the end users to whom they are selling do not have the budget or the in-house resources to manage or even fully understand all the security implications of the growing development of VoIP solutions.

Consequently, there is set to be significant market growth in solutions from the major providers that are designed to protect IP telephony platforms.

In the past, voice networks were generally robust and built on long established and evolved standards.  Equally the process of PBX configuration had become almost routine and voice transmission plans, interface and integration processes well rehearsed.  Equally, the value of IP telephony security is likely to receive greater recognition and more robust voice security built into the fully converged solutions currently being developed for customers.

If end users are to have full confidence in migrating to VoIP solutions, it is essential that the major providers play a key role in this process.

To understand the nature of this role, you first need to appreciate that VoIP security cannot be seen in isolation. It is just one, albeit critical, part of the complex integration challenge facing providers of converged solutions today.

Posted on 06/10