Golden Rant : What about VoIP security?

I wobbled down to the VOIP for Business event at Olympia last week, to marvel at the surge of new products and services in the Internet telephony industry.

Curiously, though, whilst most show exhibitors were banging on about free and ultra-low-cost VOIP calls - and the reasons why their system was better from a quality of service perspective - no-one seemed to be interested in VOIP security.

By security I don't just mean protecting your VOIP calls from Internet snoopers and eavesdroppers, I'm talking about the fact that VOIP technology poses a security nightmare for most IT managers.

The reason, without going into the n-th detail, is that VOIP requires a number of IP ports to be open on a company network and its allied IP interfacing network.

Normally, most of these ports are closed, to be prevent their use by hackers and other ne'er-do-wells. Opening them up can, under certain conditions, open the door to hacker attacks.

The bad news is that very few conventional IDS and IT security systems actively scan for VOIP-loading malware and allied attacks.

I was hoping that Ofcom would include security at the heart of its new regulatory code for VOIP service providers, which was unveiled this week.

It didn't. Instead the VOIP regulations include rubbish such as the "extent to which the service depends on the user's power supply" and "whether directory assistance, directory listings, access to the operator or the itemisation of calls are available."

VOIP security is way more important than this trash. Implementing VOIP technology really isn't a technology for novice punters to implement on their company or home systems, yet Ofcom treats it like landline voice services.

For Ofcom, the omission of security issues in its new VOIP regulations marks a missed opportunity.

Mind you, it was Ofcom that was responsible for the charging fiasco that the UK directory services has undergone in the last few years...