Customers fail to exploit the benefits of VoIP

Preconfigured phones easy targets

IP telephony deployments are failing to deliver the savings and benefits expected prior to rollout, according to customers attending a VoIP panel discussion held this week in Sydney and attended by about 50 delegates.

Very few customers could raise their hand and say they expect any real cost savings from their deployments.

Sean Barkley, the regional manager for advanced voice solutions at Verizon Business said this is because staff are using IP phones just for voice, ignoring features like remote office or the Web interface which can set any line as the office phone.

Barkley said staff training is critical and was one reason why IP deployments failed to meet ROIs.

He said the other problem is a lack of network auditing.

"Extensive network audits must be conducted prior to implementing IP telephony to minimize security risks and to maintain quality of service," Barkley said.

"The audit is critical to see what your network is built on and what applications are running to factor in what may need to change; the audit for one site can go for 17 or 18 pages."

Telsyte analyst, Warren Chaisatien, said the network which hosts IP telephony must be free of resource-draining applications such as Skype which can dramatically affect the quality of service, and can open security holes.

"IT should include network policies in their audits which limit the use of Skype and IM, because users who have these applications at home tend to download them on the corporate network as well," Chaisatien said.

Removing peer-to-peer and instant messaging applications will help plug the security holes in IP telephony, according to Avaya Asia Pacific CTO Robbie Kruger, who said everything from bandwidth to corporate data can be stolen when VoIP is seen as "just a little bit more data to deal with".

"Consumer grade applications like Skype are great, but it can be a security threat to your organisation because you set up yourself as a mini hub; you will find you are compromising your business and your voice might not be there tomorrow," Kruger said.

"Other people use your bandwidth when you become a broadcast hub, and you can lose service for not just your voice, but for all your data applications which will affect the quality of voice across the WAN."

Potential IP telephony security flaws could allow hackers to access a network by locating the address of VoIP Web servers on Google or by scanning for commonalities in mail server protection lists.

Security firm Assurance.com.au director, Neil Wise, said hackers could access a network hole by locating a VoIP Web server indexed by Google, and could locate default usernames and passwords in installation documentation available on a vendor Web site.

However, he said this would require users to leave login authentication unchanged.

"Many second-tier Australian telcos ship VoIP phones preconfigured. Installation wizards are designed to have minimal user input to make the technology attractive and to reduce support costs but this makes users vulnerable to a very real attack," Wise said.

"Hackers could also use IP phones with packet-capture to record conversations, depending on the type of encryption used. For example SIP 1.0 [session initiated protocol] could be easily decoded, while SIP 2.0 is much harder."

Join the newsletter!

Error: Please check your email address.

More about AvayaGoogleSkypeTelewareVerizon

Show Comments