VOIP-Specific Attacks Not an Issue Yet

The next target hackers may turn their attention to is voice over IP, as it is increasingly viewed as a killer application.

To date few hacks of VOIP systems have been publicized, although a handful have been targeted at consumer VOIP services from the likes of Skype and Vonage. Luckily, enterprises that have installed VOIP systems with security as an afterthought have seen few attempts to compromise the technology.

"That's been a big bogeyman, but we take great care in securing our networks from any threats, and we did that before we put voice on our network," said Dave Duchaj, senior vice president of Information Technology Services at First American Bank.

For more on securing VOIP systems, click here. 

Which is not to say that vulnerabilities don't exist in enterprise VOIP systems.

"You'll see vulnerabilities, but we don't see lot of evidence of real attacks—yet," said Mark Collier, chief technology officer of SecureLogix, a San Antonio-based company that performs security assessments for enterprises.

"We've been brought in a couple of times when people have had real attacks, but they are pretty uncommon," added Collier, co-author of the book "Hacking VOIP Exposed: Voice over IP Security Secrets and Solutions."

As enterprises come to rely more heavily on VOIP for their business communications, it's only a matter of time before such attacks gain steam, believes Dave Endler, director of research at 3Com's Tipping Point unit in Austin, Texas, and co-author of "Hacking VOIP Exposed."

"There have been more vulnerabilities discovered over the last year than in previous years. We're seeing more issues being found and fixed by vendors. It is becoming an attractive target," said Endler.

Next: Best Practices >>