While they might not be cutting-edge technology, modems attached to critical servers or desktop systems that can be accessed over phone lines still pose a real risk to enterprise networks.
"How many of you think about access to your telephone network? How much attention is paid to your telephone perimeter?" Zmolek asked attendees to the online session, "Facing the Dark Side of Convergence."
Threats from phone hacking include unauthorized use of company bandwidth, subscription fraud and toll fraud, in which attackers use a companys voice system to run up expensive toll calls, sometimes totaling $75,000 or $100,000 over a weekend in bogus charges, he said.
Voice systems can also hold critical data such as passwords and Social Security numbers submitted through interactive voice response systems, he said.
Converged networks increase the number of ways outside attackers can access data on voice systems, by creating bridges between vulnerable data servers and voice infrastructure, and vice versa, he said.
"The weaknesses of one world become a means for threatening the other. A voice exploit can be used to target the data network, and vulnerabilities on the data network are now a problem for the voice world," he said.
Organizations that soberly consider the security risks before they make the transition to converged networks can often address most or all of the security threats with little additional cost to deploy the technology, he said.
Private branch exchange and voice gateway devices usually have security features built in that can restrict the types of services they offer. In addition, technology vendors like SecureLogix Corp. sell voice management and security products that monitor and control access to and from voice gateway devices, much like how Internet firewalls filter data traffic, he said.
The American Red Cross uses VOIP to help with its hurricane relief efforts. Click here to read more.
Ultimately, protecting voice and data traffic involves many of the same steps: hardening critical servers and perimeter defenses, implementing identity and access management technology, and using encryption to protect data from digital eavesdropping, he said.
Still, organizations that plan on switching to VOIP and converged networks just to save money, but arent considering additional applications of the technology or the added exposure that converged networks bring may end up with an unpleasant surprise, as the cost of securing the new VOIP network and preserving quality of service change the calculus of VOIP deployments, he said.
"[Security] doesnt need to change the value proposition … but if the cost of [phone system] adds, moves and changes is the underlying value proposition, thats trivial and I dont think justifies the investment," Zmolek said.
Check out eWEEK.coms for the latest news, views and analysis on voice over IP and telephony.
VOIP & Telephony 
