|
Security Exposed
VoIP security is paramount not only because of the risk to mission-critical telephony communications, but also for compliance reasons. "The two biggest concerns are reliability and eavesdropping," says Peter Thermos, CTO of Palindrome Technologies Inc., a security consultancy in Red Bank, N.J. "The latter is particularly an issue because of all the regulatory issues in the financial sector."
Security experts say VoIP's common H.323 protocol, in particular, is a tempting target for those who might want to practice packet inundation, basically flooding the pipe, and call hijacking (or redirecting calls). The hackers' motivation might be mischief or foul play, but that doesn't matter if you're trying to place or receive an important call. Nobody really needs a denial-of-service attack degrading connection quality or bringing down the system entirely.
VoIP devices are vulnerable to the same weaknesses as their underlying operating systems. As Windows or Linux goes, so goes VoIP. This means desktop and server operating systems need to be kept up to date, well patched and protected by the usual phalanx of antivirus, antispam and other security software.
Sometimes-connected devices, such as cell phones running Windows CE, the Palm OS, and Symbian OS, must also be up to date. These devices don't typically run the antivirus and security updates that guard desktop devices. CIOs must ensure that all desktop and mobile devices are running the latest updates of their respective operating systems. Again, the argument is for sound, solid network hygiene across devices and operating systems.
|
 |
|
|
