/weblog/thinking-about-voip-security

Thinking About VoIP Security

Friday, February 27, 2009

Voice over Internet Protocol (VoIP), specifically Session Initiation Protocol (SIP) is becoming more popular because it allows companies to communicate over an IP network. This saves money by allowing companies to add new branch offices without requiring point-to-point circuits to be provisioned. Companies can avoid the local phone network (and its associated toll charges) completely when calling other VoIP phones. Given that VoIP and SIP allows for the use of a data network versus leasing telco facilities, VoIP quite often is a money saver. It also allows users to more effectively combine voice and data on a single facility. The savings generated from the use of VoIP range considerably. Savings of from 40 to 80 percent when compared with using leased facilities, due in large part to the pricing differences in leased facilities around the world.

As more VoIP solutions are deployed using SIP, one can expect more VoIP network security risks. Why the issue of security? Well, some companies just aren't prepared.

While companies have become accustom to spending on specialized security controls to handle threats to their Web and email applications, they may not be mindful of the measures required to secure their VoIP networks. VoIP and SIP are susceptible to security breaches; it is an increased area of focus for all users.

More awareness of the issue in recent months has helped. The potential for security holes in a VoIP network are numerous. The threats include rogue VoIP gateways and illegitimate handsets using IP networks as well as denial-of-service attacks from spammers. A "Black Hat" could also turn their attentions toward Microsoft Office Communications Server to exploit connections for instant messages, email addresses, and buddy lists in an effort to create bottlenecks and launch attacks.

Fortunately, there are multiple hardware and software approaches that can be deployed. There are complimentary solutions available to monitor applications for spikes in usage. If you need solid advice on VoIP security, contact us. We are stepping up to prevent and fight off VoIP attacks.