The Top Five VoIP Threats
Written by Adam Gosling
Tuesday, 01 November 2005
Systems integration firm Integ has been touring the country with Juniper Networks, educating corporates about the dangers of SPIT and other annoyances that may afflict them as they move their telecommunications infrastructures over to the malware- and hacker-plagued world of IP networking.
The two companies, with the help of IDC Australia, have put together their list of the top five dangers of Voice over Internet Protocol telecommunications. The list of top threats was put together based on research done by IDC and AusCERT, and a wealth of vendor and customer experience contributed by Integ, Juniper and their customers.
First on the list is the relatively easy-to-launch Denial of Service attack. Real-time network solutions such as VoIP and video conferencing are particularly vulnerable to DoS attacks because they rely so heavily on efficient routing and switching to carry significant amounts of data in a time-sensitive QoS environment.
The second most likely source of network security nightmares emanating from the rise of VoIP is the likely growth of SPIT. SPIT, or spam over Internet telephony, the third leg of SPAM, SPIM and SPIT, has the potential to cripple productivity if it grows to the point where users are getting hundreds of SPIT messages in their inbox or voice mail. Dealing with it is likely to be the second biggest hassle for VoIP network managers.
Third in the Integ/Juniper list is viruses. The challenge for network security managers is to scan potentially large amounts of voice data traffic in real time without latency.
Fourth? The potential for eavesdropping, or listening in on potentially commercially sensitive conversations. And finally, number five: toll fraud, already an issue in the PSTN network, could grow to pandemic proportions in the IP world.
Putting together a defence against this range of threats is not dissimilar to defending a data network against attack, explained Juniper Networks’ Shaun Page. The challenge is to do this without disrupting the flow of communications in what is a QoS environment where users expect 100 per cent perfection.
Of course, no solution is identical either, says Integ CEO Ian Poole, but the biggest challenge is awareness. IDC’s Landry Fevre points out that research suggests that more than 40 per cent of VoIP implementers don’t recognise any significant threat.
In reality, though, banks and other large corporates, which are the early VoIP adopters, are likely to be the largest honey pots for attracting security threats.
“Our research shows that PBX replacement is likely to peak around 2007 and 2008 – we know from global experience that this is when hackers will mobilise in larger numbers,” said Landry Fevre, Research Director Telecommunications, IDC.
Poole says the key to a successful and secure IP telephony roll-out is to consider security from the very beginning. All too often, says Poole, users are installing their VoIP network and then thinking about security afterward.
“Users need to install adequate security at the same time as they implement telephony solutions that contain IP access points,” he says.
In contrast, IDC’s Fevre has research that indicates a considerable number of implementers don’t even feel threatened. For example, 62 per cent of survey respondents with a VoIP network indicated that they didn’t see wiretapping as a threat for their organisation. More than forty per cent didn’t see Denial of Service attacks as a threat either.
It all adds up to what Poole describes as a lack of technical VoIP skills and knowledge in the majority of organisations. Integ is offering companies interested in deploying VoIP solutions a pre-implementation health check to highlight areas of potential vulnerability that need to be addressed prior to (or in conjunction with) deployment.
The Top 5 Threats To VoIP Networks:
1) Denial of Service: Can cause all voice services (internal, external incoming and external outgoing) to be lost. In 2005, denial of service attacks on data networks alone caused an average financial loss of $596,200 per organisation*.
2) SPIT: It is estimated that 80% of the world’s e-mail traffic is spam. As organisations plug the holes in their e-mail security, attackers will look to voice traffic as a means of driving spam into the network. SPIT (Spam over IP Telephony) attacks could mean voicemail systems will be overflowing with thousands of unsolicited voice messages each day.
3) Virus/Worm: As virus writers begin to target IP telephones, anti-virus vendors will need to introduce IP phone anti-virus applications that are effective without introducing unacceptable latency. Cleaning up after a virus amounts to lost productivity. Last year this totalled around $50,656 per organisation on data networks*.
4) Eavesdropping: Eavesdropping is the unauthorised listening and/or theft of confidential information. Sensitive corporate information frequently passes through voice and data networks. This information can be valuable to an organisation’s competitors.
5) Toll Fraud: Toll (or telecommunications) fraud has long been a problem with legacy telephone networks, allowing free or low-cost telephone calls to be made. Toll fraud can also be achieved if call accounting records are accessible and can be modified. It is estimated to cost Australian organisations an average of $4,333 per year*.
* All financial impact figures were obtained from the AusCERT Australian Computer Crime & Security Survey 2005.
www.integ.net.au