The dos and don'ts of VoIP security

Although there is precious little evidence of VoIP security attacks, organisations cannot afford to be complacent. Make no mistake, VoIP is an attractive target for hackers and malware writers.

To demonstrate the potential danger that enterprises with unsecured VoIP systems face, the Voice over IP Security Association (Voipsa) has published a list of publicly available tools that target VoIP applications. There are signs hackers are now turning their attention to voice over IP and most security commentators believe the first major attacks will occur over the next six to 12 months.

This means all enterprises need to ensure their VoIP infrastructure is protected, although this needn't be an onerous undertaking.

The simple fact that VoIP now typically comes under the aegis of the IT department should in fact help security. Although running proprietary operating systems, PBXs were in fact open to a large range of security attacks. It was generally just a little harder to access and required specialised knowledge.

While VoIP has increased the number of people able to exploit a corporate phone system, the tools and expertise to protect the technology have also been improved.