VOIP technology is becoming increasingly popular as businesses seek to provide employees with latest telephony services, connect remote workers and keep costs under control, but the associated security threats must be recognised and guarded against, according to a new guide from managed security company,
Redscan.
The guide,
Securing Voice Over IP systems/a> sets out the major security risks that businesses which use VOIP systems and software can encounter.
Including:
Privacy concerns: the data from VOIP calls can be intercepted easily when compared to analogue calls. Businesses can mitigate the risk by taking security measures such as using individually firewalled vLANs and encrypting calls.
Access and authentication: there needs to be a strong authentication process in place. If a single password is used to identify a user it must be strong enough to discourage hackers.
Denial of Service attacks: VOIP networks are vulnerable to DoS attacks such as hackers flooding servers with connection requests - such attacks can bring down the entire system. Businesses that have an application firewall in place can protect themselves against these attacks.
Vishing: criminals have started using VOIP to carry out phishing campaigns, with some attacks being masked as coming from a trusted phone number. These attacks are likely to increase in sophistication and businesses must remain vigilant to avoid handing over any data to criminals.
The guide also covers; toll fraud; VOIP spam; replay attacks and traffic manipulation.
Simon Heron, Internet Security Analyst, Redscan says: VOIP brings many benefits to businesses such as reduced telephony costs, increased productivity and the flexibility of making and receiving calls to work numbers remotely, however, implementing VOIP systems and software does provide increased opportunities for cybercriminals to exploit security loopholes in corporate networks. Our guide highlights the main threats to businesses and provides advice on how managers can mitigate the risks associated with using VOIP.