- BlackBerry Storm vs. the iPhone
- Digg's Kevin Rose: "We have to do better"
- Blogger warns: "Nortel doesn't make it out alive"
- Financial quagmire bringing out the scammers
- Verizon plays with the wrong e-mail addresses
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:Application Performance Solutions | App Performance | Networking Solution | SafeGuard Enterprise Solution Center | SOA | Test your Web Filter | Value of WDS
Voice over IP, like many new technologies, suffers from having security as an afterthought. Headlines tell of VoIP vulnerabilities that can lead to eavesdropping, a new form of spam, even denial-of-service attacks that can take down the one communication network that businesses rely on most.
Lawrence Orans, a research director with Gartner, says some of these threats are overblown and aren’t likely to happen in a corporate setting. Frank Dzubeck, president of Communications Network Architects, which analyzes the industry, believes that given the lack of security built into IP, anything can happen. Network World Senior Editor Cara Garretson spoke with both, aiming to separate hype from reality.
Audio feed: Listen to the entire Q&A on VoIP security issues by Cara Garretson, Lawrence Orans and Frank Dzubeck (25:18)
LO: First of all, I’d like to clarify the term voice over IP. Voice over IP is an umbrella term. We see it used for all forms of packetized voice, whether it’s Internet telephony, such as Skype, or Internet telephony services provided by cable operators. We also see Voice over IP used interchangeably with IP telephony, which is very much enterprise focused. And there the problems are very real.
[VoIP] is really just another application running over the network, and it’s been the most reliable, so any outage or security breach is just a huge problem. The lack of high-profile attacks has lulled people into a false sense of security. However, the actual threats are very real. With IP telephony, we’ve got a second computer on someone’s desk; the IP telephony handset has memory, and it’s got an operating system. True, it’s a hardened appliance, but still it can be attacked. The PBX server itself, that can also be attacked. And also the protocols themselves, many of the signaling protocols are still relatively new or they’re proprietary, so in either case they’ve not undergone a level of scrutiny for security vulnerabilities as a more mature protocol. So overall I would say the threats are very real and the key thing is to understand the issue well enough so that you can separate the overhyped threats from the real threats.
FD: The issue is IP itself. IP was never designed with security in mind. Voice over IP, correct, it’s an application, and as an application inside the enterprise it’s going to be a pervasive application. But the issue is . . . it has all the vulnerabilities. If you don’t take a look at the security aspects upfront for voice over IP, then you stand a tremendous disaster staring you in the face, because the holes will occur.
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
The Foundry Enterprise Advantage
Foundry Networks, Inc. (NASDAQ: FDRY) is a leading provider of high-performance enterprise and service provider switching, routing, security and Web traffic management solutions. Foundry's customers include the world's premier ISPs, metro service providers, and enterprises.
For further information on Foundry Networks please click here.
Leveraging the Advantages
of a Multi-vendor Network Strategy
Today's enterprise network provides more than simply a technology infrastructure. It's an enabler for the enterprise, supporting mission critical applications, creating operational efficiencies and increasing productivity gains. Foundry Networks provides the ideal foundation for a multi-vendor network.
Click here to view whitepaper!
Comments (6)
VOIPBy Anonymous on November 6, 2007, 3:26 amI think VOIP is great and i havent had a problem with the security issues. Its a must for business owners if they want to increase revenue. There are many high...
Reply | Read entire comment
Nationwide VPNBy Vic on March 17, 2007, 3:37 amEven the overhyped threats are necessary. Sometimes you have to point out the problems that will strike fear in everyone's minds, like eavesdropping, so that when...
Reply | Read entire comment
Really very nice and usefulBy Anonymous on February 2, 2007, 12:26 amReally very nice and useful article.
Reply | Read entire comment
Good ArticleBy Anonymous on January 31, 2007, 1:01 pmThe idea of “IF IT ISN’T BROKE DON’T FIX IT” runs rampant within the voice industry especially within the vars. This one statement proves that this industry has...
Reply | Read entire comment
Hybrid systems are at higher risk.........By Anonymous on January 31, 2007, 9:15 amJust one more thought, hybrid PBX systems should really be what the industry should be concerned about. These systems where not meant to be connected to a data network...
Reply | Read entire comment
View all comments