VoIP security still a major issue

It is not just budgetary constraints impeding voice-over-IP implementation but security concerns, according to Webtorial’s recent 2003 VoIP “State of the Market Report” (available for download at www.webtorials.com). In this worldwide survey of end users, about 40 per cent of about 300 respondents cited security as one of the top four reasons why they haven’t deployed VoIP.

Digging deeper into the results, about 25 per cent of the respondents cited concern about security of the network infrastructure as a major problem, while the rest took a less drastic view of the problem. When asked about security of the network infrastructure vs the security of voice content, the greater concern was about the infrastructure.

The recent Blaster and SoBig-f attacks demonstrate that some of these concerns are well-founded — especially if the network infrastructure is not appropriately cared for. Some VoIP users who did not apply patches to protect against Blaster found their VoIP networks bogged down along with their data applications. Blaster-type attacks will force companies to take patches and upgrades more seriously. This additional diligence in securing the data network will have the side benefit of protecting the VoIP infrastructure.

But SoBig-f exposed a separate and equally disturbing VoIP vulnerability. By affecting e-mail, SoBig-f had a severe effect on thousands — if not millions — of PCs. While e-mail problems were being resolved, the PC became unusable for other applications. If you’re dependent on your PC for telephony, when your PC becomes unstable, your phone becomes unstable, too. This raises some serious questions about the wisdom of adopting soft phones — software that turns PCs into IP-based phones — as a part of overall VoIP implementation.

According to the “State of the Market Report,” end users strongly favour maintaining their traditional phones as part of their overall voice infrastructure.

Overall, virus/worm incidents shouldn’t have a major effect on the VoIP market. These are data security issues, and when they are addressed for the data network, the VoIP installation will be addressed by default. But virus/worm incidents do indicate that if you’re getting ready to go full-throttle with VoIP, it’s common sense to apply any applicable patches to keep your infrastructure up to date.

l Steven Taylor is president of Distributed Networking Associates and editor/publisher of Webtorials.com

Join the newsletter!

Error: Please check your email address.

More about Distributed Networking Associates

Show Comments

Market Place