VoIP - Vulnerability over Internet Protocol
During the past few years the two most significant focuses for remaining IT budget have been security and cost saving systems capable of demonstrating rapid ROI. But in almost all areas of business there is a trade off between risk and cost. As companies have double-locked the doors by spending on security for the data network, they may have left the windows open by pursuing saving in areas such as VoIP (Voice over Internet Protocol).
The VoIP 'revolution' has been talked of since the 1990's as the 'next big thing' in the enterprise telecoms sector; saving companies vast amounts of money on both call charges and internal network infrastructure and support costs. But just as the VoIP market is finally taking a cautious step towards delivering some of its long-overdue promise, the increasing priority of IT security may force it two steps back.
Recent research, by Secure Test, on the Cisco 7900 series VoIP phones have revealed serious security concerns (Note: Secure Test have independently tested the Cisco 7900 as this is the most widely used enterprise VoIP solution. Similar problems may well exist in other vendors products). With susceptibility to both DoS (denial of service) attacks and interception issues, it is clear that transferring phone systems to an IP network opens them up to many of the same security concerns as Ethernet data networks. More worryingly, phone systems may be harder or even impossible to patch.
