Voice Over IP Can Be Vulnerable To Hackers, Too - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Hardware & Infrastructure

Voice Over IP Can Be Vulnerable To Hackers, Too

Technology managers must remember that Internet telephony is subject to the same worms and viruses thtat threaten other networked systems.

As voice over IP sweeps across the high-tech landscape, many IT managers are being lulled into a dangerous complacency because they look upon Internet phoning as a relatively secure technology--not as an IP service susceptible to the same worms, viruses, and other pestilence that threatens all networked systems.

"With VoIP," security specialist Mark Nagiel said Thursday in an interview, "we're inserting a new technology into an unsecured and unprotected environment. VoIP is essentially availability driven, not security driven, and that's the problem." But Nagiel, manager of security consulting at NEC Unified Solutions, said that there are measures that can be taken to protect voice over IP from the threats that confront Web telephoning.

The first step--an obvious one, he says--is to secure existing TCP/IP networks. Nagiel is finding that the new government-required regulations--such as Sarbanes-Oxley, which stipulates improved accounting record-keeping, and HIPAA in health care--are helping IT managers because they impose security discipline across-the-board. "The financial and health-care fields are getting secured very quickly," Nagiel said.

Even so, there can be difficulties. He noted that although hospitals' protection of patient records generally has been excellent, they often neglect to completely secure physicians' conversations. Security managers can overlook the fact that voice over IP conversations can reside on servers that can be hacked.

The traditional voice model utilized PBXs, which were stable and secure, Nagiel noted. If the voice over IP infrastructure isn't properly protected, it can easily be hacked and recorded calls can be eavesdropped. He says the networks utilized to transmit voice over IP--routers, servers, and even switches--are more susceptible to hacking than traditional telephony equipment.

It's also relatively easy to launch an attack against a voice over IP network because the software tools available to hackers and others bent on invading a network are more available and easier to use. "And the exposure levels have gone up because there are so many nets," he said.

What's the solution? "You need strong encryption over VoIP servers and VoIP client devices," Nagiel said. He observed that extensive encryption can slow down efficiency of networks, but encryption is a small price to pay to avoid denial-of-service attacks and invasions of networks. Another useful defense tactic is to use virtual LANs "whenever possible to separate traffic," according to Nagiel. In this way, transmitted data can be segregated into unique virtual LANs for data and voice transmission.

However, Nagiel cautioned that security managers should resist using shared Ethernet network segments for voice.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Future IT Teams Will Include More Non-Traditional Members
Lisa Morgan, Freelance Writer,  4/1/2020
COVID-19: Using Data to Map Infections, Hospital Beds, and More
Jessica Davis, Senior Editor, Enterprise Apps,  3/25/2020
Enterprise Guide to Robotic Process Automation
Cathleen Gagne, Managing Editor, InformationWeek,  3/23/2020
Register for InformationWeek Newsletters
Current Issue
IT Careers: Tech Drives Constant Change
Advances in information technology and management concepts mean that IT professionals must update their skill sets, even their career goals on an almost yearly basis. In this IT Trend Report, experts share advice on how IT pros can keep up with this every-changing job market. Read it today!
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll