VOIPs Cry: More Secure Data Nets
Security experts claim enterprise voice-over-IP systems can be made secure, but companies must first take basic steps to secure their data networks.LONDONEnterprise voice-over-IP systems can be made reliable and secure, but to do it, many IT managers will have to do a lot more than theyre doing now, said security experts at this weeks VON Europe conference here. Executives from Alcatel, Hewlett-Packard Co., Cisco Systems Inc. and security firm Codenomicon Ltd. agreed that voice running on a companys IP network is just like any other application, with the same kinds of vulnerabilities and similar processes for ensuring security. The problem, they said, is that many companies are not up to scratch on security best practicesa situation that may be acceptable for e-mail and Web systems, but that can only lead to trouble when voice comes into the picture. "Switching to VOIP broadens the scope of what you have to worry about," said Cisco Technical Marketing Engineer Greg Moore. "It opens up all the problems that affect the Internet, including worms and denial-of-service attacks."
Enterprise IP telephony is distinct from "voice over the Internet" in that it almost always takes place over companies own managed data networks, and thus is insulated from the vagaries of the public network. For that reason enterprise VOIP systems are among the easiest to secure, after long-distance bypass systems, according to Alcatel Director of Security Research Francois Cosquer. More complex are residential systems and especially voice over the Internet, he said.