VOIP - The Threat Landscape

The standard phone system has a history extending back more than 100 years. For most of this period the phone system has delivered a relatively secure and mostly trust-worthy service. The phone networks are operated by the various national telecommunications corporations or by large companies who carefully control access to those networks.

Issues of the security of these networks and specifically the risk of attack by 3rd parties are rarely considered. For these reasons, the Telecommunications sector has not spawned an independent security speciality and has nothing like the range of security products and technologies we see in the IP networking sector.

VoIP changes all this by moving telecommunications services to the IP networking realm. The threat landscape in the IP world is radically different. The Internet is the wild-west compared to the sedate and controlled world of telecommunications. While is it not impossible to run a successful VoIP service on a public IP network, we do need to be aware of the threats and to ensure that the appropriate security controls are in place. Moving telephony services from the relatively safety of the telco networks to the challenging world of IP networking requires a different mind-set and a much greater awareness of the risks.

The security threats facing VoIP networks and systems can be categorised in three areas; IP network level threats, application and protocol specific threats and content related threats.

Peter Cox, CTO of Borderware, will be speaking at FIRST Security Conference in Sevilla. FIRST is the premier organization and recognized global leader in incident response. For more info, visit FIRST's website at http://www.first.org.