Wednesday, July 7, 2010

VoIP security - The dos and don'ts of VoIP security



Though there is precious little evidence of VoIP security attacks, organisations cannot afford to be complacent. Make no mistake, says Anthony Plewes, VoIP is an attractive target for hackers and malware writers.


To demonstrate the potential danger that enterprises with unsecured VoIP systems face, the Voice over IP Security Association (Voipsa) has published a list of publicly available tools that target VoIP applications. There are signs hackers are now turning their attention to voice over IP and most security commentators believe the first major attacks will occur over the next six to 12 months.

This means all enterprises need to ensure their VoIP infrastructure is protected, though this needn't be an onerous undertaking.


The simple fact that VoIP now typically comes under the aegis of the IT department should help security. Although they ran proprietary operating systems, PBXs were in fact open to a large range of security attacks. They were generally just a little harder to access, and attacking them required specialised knowledge.

While VoIP has increased the number of people able to exploit a corporate phone system, the tools and expertise to protect the technology have also been improved.

VLANs
======

The first step for VoIP security is to follow data networking best practice. Ovum analyst Graham Titterington says: "Most security in VoIP is a question of good network security and housekeeping."

Enterprises should deploy the voice traffic on a separate virtual LAN, or VLAN, from the data traffic. This helps protect the voice service if there is a denial of service attack on the data network.

Chris Whitwood, network manager at University College Falmouth, which has deployed IP telephony, says: "Denial of service is a particular problem for VoIP as it can completely destroy your telephony service. To protect against this, enterprises need to use security such as intrusion prevention systems and have a well-segmented network using VLANs."

VLANs need to be properly architected to prevent packets jumping from one VLAN to the other. However, even if they are, hacking tools are available that can make packets do just that. Additional tools that will help networks in case of any attack are intrusion detection and prevention systems, which scan for rogue incoming packets, and straightforward antivirus software which can help prevent any known threats from disrupting the network.
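
One way to check the voice/data separation described above, as an added example that is not part of the original article. It assumes switches with Cisco IOS-style interface syntax; the sample config, port names, VLAN numbers and function names are all constructed for illustration.

```python
import re

# Constructed sample in Cisco IOS-style syntax (assumed platform, not from the article).
SAMPLE_CONFIG = """\
interface Gi0/1
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 20
interface Gi0/2
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 10
interface Gi0/3
 switchport mode dynamic desirable
 switchport access vlan 10
 switchport voice vlan 20
interface Gi0/24
 switchport mode trunk
 switchport trunk native vlan 10
"""

def parse_interfaces(text):
    """Return {interface name: body text} from an IOS-style config."""
    blocks = re.split(r"^interface (\S+)\n", text, flags=re.M)
    return dict(zip(blocks[1::2], blocks[2::2]))

def vlan(body, keyword):
    """VLAN id set by 'switchport <keyword> vlan N', or None if absent."""
    m = re.search(rf"^ switchport {keyword} vlan (\d+)$", body, flags=re.M)
    return int(m.group(1)) if m else None

def audit(text):
    """Flag per-port settings that weaken voice/data VLAN separation."""
    ports = parse_interfaces(text)
    data_vlans = {vlan(b, "access") for b in ports.values()} - {None}
    findings = []
    for name, body in ports.items():
        mode = re.search(r"^ switchport mode (.+)$", body, flags=re.M)
        mode = mode.group(1) if mode else "unset"
        if mode == "trunk":
            native = vlan(body, "trunk native") or 1  # 1 is the IOS default
            if native == 1 or native in data_vlans:
                findings.append((name, "trunk native VLAN is the default or a user VLAN"))
            continue
        if mode != "access":  # dynamic or unset: port may negotiate a trunk
            findings.append((name, "port not forced to access mode"))
        if vlan(body, "voice") is not None and vlan(body, "voice") == vlan(body, "access"):
            findings.append((name, "voice and data share a VLAN"))
    return findings
```

Running `audit(SAMPLE_CONFIG)` reports Gi0/2, Gi0/3 and Gi0/24; only Gi0/1 keeps voice and data apart on a port fixed in access mode.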
