VoIP Security Threats - Real But Misunderstood
Put simply, VoIP security is still in an infant state. Yes, the benefits of IP telephony and VoIP PBX phone systems are well understood.

What!? VoIP Requires More Work!?

But in exchange for the cost savings and enhanced productivity VoIP offers come the demanding requirements of creating and enforcing an effective VoIP security policy to protect against outside hackers and external intrusion. In other words, installing and operating an IP PBX phone system brings the owner/operator a completely new set of technical responsibilities, and plain old-fashioned hard work.

Interested in more information? We recommend visiting the VoIP Security Alliance's homepage, where you'll find plenty of detailed information and resources on how to counteract VoIP system security risks.

Is Older Better?

Compare this to legacy, or "classical," PBXs. TDM-based analog and digital phone systems are completely unrelated to and disconnected from the data IP networks they often sit next to. And the "primitive" or simple nature of their hardware endpoints (PBX and desk phone sets) and basic software is, in fact, what makes them nearly "bullet proof" from a security standpoint. Think of them as hard-wired, or "closed," systems virtually unhackable from the outside. IP telephony systems, by contrast, are virtually "open" (after all, they're on, or rather part of, the Internet!) and can have their front doors at least knocked on by outside "bad guys" (i.e. hackers). And whether you let those bad guys in your front (or side) door depends on the VoIP security policy you've implemented (or not).

So, What Are The Actual Threats and Risks?

VoIP security threats can be broken down into a handful of categories, each involving its own list of malicious tactics.

Service Availability risks include various ways of rendering an IP PBX phone system useless to the owner, including:

Denial of Service (DoS) = some or all of a system's VoIP connections become unavailable, and therefore useless, as the result of being overloaded with prepared data packets sent from an outside source.

Viruses and worms = just like the computer viruses affecting the PC world that you often hear about in the news, malicious viruses can be created and launched to overwhelm and cripple operationally critical VoIP system components.

Service Integrity threats involve maliciously hacking into a VoIP system to gain unauthorized control, steal identity, and do things like place fraudulent phone calls.

Call Hijacking = an existing call is taken over by an outside hacker, leaving the connection unavailable and rerouted to another source.

Toll Fraud = just as PC hackers can commandeer a computer while the unsuspecting owner is soundly asleep at night, to use that PC's resources and processing power, VoIP hackers can gain control of a phone system to place their own telephone calls at the system owner's expense.

Identity Theft = a VoIP hacker could intentionally present a false identity in the form of a stolen caller ID, phone number, or voicemail.

SPAM Calls = imagine having your employees' IP phones constantly ring with uninvited calls from outside marketers, er, spammers, playing pre-recorded sales pitches all day long!

Eavesdropping is exactly as it sounds, and falls into the category of corporate espionage, where many small business owners think "Nah, my competitors would never do something like that."

Call Impersonation & Masquerading = imagine having someone steal your VoIP identity to call one of your customers disguised as you!

Call Insertion = imagine being in the middle of an important conference call only to hear an unknown recorded voice play an embarrassing message!

Conversation Reconstruction = a privacy threat that involves the possibility of capturing and collecting the IP packets of a VoIP conversation to piece together and play back the original conversation.

Oh Wow, VoIP May Not Sound Worth It After All

Not the case at all! The information above is not intended to scare anybody away from transitioning their corporate phone system to VoIP; instead, it is meant to present the realities of VoIP security threats and risks. Yes, indeed, they are real. But if managed properly, they can be minimized. And just as the niche industry of IP telephony security is in its infancy, so, it seems, is the number of real-life occurrences. The number of small businesses that have reported being victimized and adversely affected by malicious VoIP attacks remains small.
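The Toll Fraud item above describes calls placed at the owner's expense while nobody is watching. As an added example (not part of the original article), the Python code below reviews call detail records and flags extensions that run up international minutes outside business hours. The CDR column layout, business hours, dialing prefixes and threshold are all assumptions made for the example.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample call detail records (CDRs). The column layout is an
# assumption for this example, not the export format of any particular PBX.
SAMPLE_CDRS = """start,extension,destination,duration_sec
2024-03-04 09:15:00,101,15550100,240
2024-03-04 14:02:00,102,0119005550123,600
2024-03-04 23:40:00,104,0119005550123,900
2024-03-05 02:11:00,104,0119005550123,1800
2024-03-05 03:20:00,104,0119005550177,1500
2024-03-05 22:30:00,101,15550100,120
"""

BUSINESS_HOURS = range(8, 19)    # 08:00-18:59 local time (assumed policy)
INTL_PREFIXES = ("011", "00")    # assumed international dialing prefixes
MAX_NIGHTLY_INTL_MINUTES = 30    # assumed per-extension threshold


def night_of(ts):
    """Attribute calls made before 08:00 to the previous evening's date."""
    return ts.date() - timedelta(days=1) if ts.hour < 8 else ts.date()


def flag_toll_fraud(cdr_text, limit=MAX_NIGHTLY_INTL_MINUTES):
    """Return sorted (extension, night, minutes) tuples exceeding the limit."""
    minutes = defaultdict(float)
    for row in csv.DictReader(io.StringIO(cdr_text)):
        ts = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S")
        if ts.hour in BUSINESS_HOURS:
            continue  # daytime calls are out of scope for this check
        if not row["destination"].startswith(INTL_PREFIXES):
            continue  # only toll-bearing international destinations
        key = (row["extension"], night_of(ts).isoformat())
        minutes[key] += int(row["duration_sec"]) / 60
    return sorted((ext, night, round(total, 1))
                  for (ext, night), total in minutes.items() if total > limit)


if __name__ == "__main__":
    for ext, night, total in flag_toll_fraud(SAMPLE_CDRS):
        print(f"extension {ext}: {total} off-hours international minutes "
              f"on the night of {night}")
```

Grouping by night rather than calendar date keeps a burst of calls that crosses midnight in one bucket, so it is measured against the threshold as a single event.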
