Cyber Security Institute
§ Current Worries
Top 3 Worries
- Regulations
- Old Firewall Configurations
- Security Awareness
§ Listening
For the best information
- The underground
- Audible
- Executive Excellence
- Music (to keep me sane)
§ Watching
For early warnings
- 150 Security Websites
- AP Newsfeeds
- Vendors
Friday, August 24, 2007
VOIP Security Requires Layered Approach, Experts Say
A combination of technology and education helps address VOIP threats, security professionals say. Voice-over-IP deployments are expected by some to be targeted by attackers more as the number of organizations utilizing the technology increases, with phone phishing in particular becoming a greater threat. An example of a phone phishing scam would be an attacker sending a spoofed e-mail instructing the customer to call a phone number to reactivate his or her bank account. “Voice is an inherently trusted communication and consumers are not conditioned to distrust the phone in the same manner that they do unsolicited e-mail,” said Victoria Fodale, an analyst at research firm In-Stat. Effectively combating VOIP threats requires applying the same best practices governing Internet security, she added.
She listed BorderWare Technologies and Sipera Systems as key providers of VOIP security tools on the infrastructure side, and Zfone’s encryption technology—-which has been submitted to the IETF (Internet Engineering Task Force) as a proposed public standard—-as important on the client side.
“because most of the voice-over-IP traffic is still not encrypted,” said Paul Wood, an analyst with MessageLabs, headquartered in Gloucester, England. However, he added, VOIP security threats remain largely theoretical, as hackers and cyber-thieves tend to focus their efforts on e-mail. e-mail is certainly the single biggest target for [such attackers] because it enables them to exploit this massive ecosystem,” Wood said, adding that the mix of hardware- and software-based VOIP deployments makes it harder for hackers to target systems.
It takes a mix of security tools, from session border controllers to dedicated firewalls for VOIP traffic to network and host intrusion detection/prevention systems, to secure VOIP, Fodale said. She added that the key challenge for businesses will be to integrate VOIP security into a unified security framework.