VoIP is voice, voice is bits, and, like any good techie would know, bits can be manipulated. Statistics have proven that a good percentage of malicious attacks are instigated internally within the network. Because voice and data, both sit on the same network, the chances of a potential threat are greatly increased.
From eavesdropping conversations using a software tool like Cain and Abel to trace and playback real time transport protocol (RTP) streams, to intercepting bank account PINs on an IVR, to stealing your identity, to using compromised servers for a denial of service (DoS) attack, the devious VoIP thugs could get their jollies by poking an unencrypted network by any of the several means.Killing default passwords, installing a proper call accounting system and using some of the best VoIP security tools can shield your network from such threats to a large extent.
"Practice safe VoIP," is Dan York's appeal to the new entrants in the digital telephony landscape. In a spicy, fictional anecdote, CISSP's Director of Emerging Communication Technology cleverly reveals the possible security vulnerabilities VoIP networks are amenable to. Like all happy tales, in the end, the bad guys lose; VoIP security tools are to the rescue. But in real life, Dan warns, the potential threats are only increasing.
Dan York, CISSP, is director of IP Technology reporting to the CTO of Mitel Corporation and focused on analyzing emerging VoIP technology and VoIP security. As chair of Mitel's Product Security Team, he coordinates efforts to communicate both externally and internally on VoIP security issues, respond to customer inquiries related to security, investigate security vulnerability reports, and monitor security standards and trends. Previously, Dan served in Mitel Product Management bringing multiple products to market including Mitel's secure VoIP Teleworker Solution in 2003. Dan is also the Best Practices Chair for the global Voice Over IP Security Alliance (VOIPSA) and writes in the Voice of VOIPSA group weblog and produces and co-hosts Blue Box: The VoIP Security Podcast. His writing on emerging telephony issues can be found on his own weblog, Disruptive Telephony.
This free podcast is from our Emerging Telephony Conference series.