VoIP vulnerability may be over-hyped, analyst says
- 25 January, 2006 12:45
- Comments
The surfacing of a pair of flaws in Cisco's CallManager IP telephony servers last week raises the hot-button issue of how to secure enterprise VoIP networks from attacks. But one industry expert says the threat of an attacker or virus taking down a businesses IP PBX or VoIP network is more phantom than menace.
"There is a lot of hype about IP telephony security threats," says Lawrence Orans, principal analyst with Gartner, in a recent interview. For organizations that don't have network or security team members who are knowledgeable about voice/data convergence as well as security, "then IP telephony security can sound pretty scary," he adds.
Best practices for securing VoIP networks include disabling unnecessary services on devices running call control software, running VoIP gear along with firewalls and intrusion prevention systems, and keeping up with software and security patches and updates for VoIP hardware, software and server operating systems.
One Cisco VoIP flaw identified last week involved the potential for denial-of-service attacks to be launched against a CallManager server. In addition to upgrading CallManagers with software fixes, the vendor says that taking steps to more tightly control what kinds of traffic can access a CallManager server is another good precaution.
"By using access lists and rate limiting to control access to the Cisco CallManager, the risk of successful attack is greatly reduced," Cisco said in its bulletin last week.
While holes can and will pop up in VoIP gear from all makers of IP telephony gear, from Cisco, to Avaya, 3Com and Nortel, "the bottom line is that IP telephony attacks are rare," Gartner's Orans says.
Converging voice and data allows for cost savings on administration and network maintenance, and provides potential productivity benefits of voice-enabled applications and unified messaging. "Enterprises that diligently use security best practices to protect their IP telephony servers should not let these threats derail their plans."
- Bookmark this page
- Share this article
- Got more on this story? Email Computerworld
- Follow Computerworld on twitter
- Get Control: make document management an integral part of your overall IT strategy
- Reconciling Datacenter consolidation and security: It starts with an integrated approach
- Guidance for Calculation of Efficiency (PUE) in Data Centers
- Data Center Physical Infrastructure: Optimising Business Value
- IBM agility@scale™: Become as Agile as You Can Be
-
The NBN, service providers and you... what could go wrong?
-
NBN build gaining momentum daily: Quigley
-
FTC chairman: Do-not-track law may not be needed
-
Kindle sales soar but Amazon mum on actual numbers
-
Wall Street Beat: IPOs, M&A, chip news stir tech optimism
-
Windows 7 for Dummies®
-
MYOB Software for Dummies 6E Australian Edition
-
Teach Yourself Visually Windows 7
-
Windows 7 for Dummies® Dvd+book Bundle
-
Computers for Seniors for Dummies, 2nd Edition
-
Microsoft Office
-
Excel 2007 All-In-One Desk Reference for Dummies
-
Windows 7 for Seniors for Dummies®
-
Office 2007 All-In-One Desk Reference for Dummies
Comments
Post new comment