March 14, 2009, Peter Nesbet writes, “VoIP security has been called in question recently, though there is little evidence to indicate that VoIP security is any less than conventional telephony systems….There is actually very little difference between VoIP security and that required for any other type of data transmission system.”
Nothing can be further from the truth. First, VoIP is dramatically different. VoIP must need stringent latency (the time to get a packet through a network) and jitter (the variance in the time between packets) to requirements to provide acceptable quality of service. This means the standard firewall techniques of filtering packets don’t work well unless special purpose hardware is used. Second, VoIP opens your voice up to interception … people can monitor your phone calls easily … unless you (and the party you call) use encrypted VoIP. Once the VoIP traffic is encrypted, you can send anything over the VoIP connections and bypass data loss protection systems, and bypass virus/malware scanners because these systems have to see inside the packets. And, encryption makes that impossible.
VoIP is very insecure precisely because of attitudes like Peter’s. I demonstrate how easy it is to spoof caller id and to divert called numbers to different parties in a VoIP Security course I offer. These are things that people absolutely trust … which makes it an especially vulnerable area!
0 Responses
Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.
You must be logged in to post a comment.