Free Newsletter
VoIP security ignored
One reason VoIP networks are not quite as secure as they could be is because the people who use them don't secure them. That was the crux of a survey conducted by the National Computing Centre in Manchester, England.
The survey of 190 organizations found that only 15 percent had implemented any sort of VoIP security. Around 40 percent had only partially secured WiFi networks; 25 percent said formal security training for end users was "not relevant" or "not considered."
Around 60 percent of respondents had an IT security staff of some sort; but security itself accounted for only 3.3 percent of total IT spending. Not surprisingly, the financial sector reported the highest per capita spending on security.
For More:
- The NCC summary of its survey is here
Related Article
VoIP security straight talk Report
Comments
Posted by Paul Lopez | September 15, 2007 - 11:17pm
Many industry researchers say the state of VoIP security is as bad today as it was two years ago, with many adopters relying on protocols that are easy to attack. VOIP sessions are particularly vulnerable to man-in-the-middle attacks where frames sent back and forth between a user's radio NIC and access point during the association process are monitored. As a result, the attacker can learn information about the radio card and access point, such as IP address of both devices, association ID for the radio NIC, and so on. With this information, the attacker can setup a rogue access point (on a different radio channel) closer to a particular user to force the user's radio NIC to reassociate with the rogue access point. We have to encrypt our VOIP conversations because the environment isn’t safe. Think about criminals using spyware to tap the VOIP conversations of judges, prosecutors or the police. Addressing this problem will improve once VoIP communications professionals and IT security specialists can learn the other’s technology.
Paul Lopez
http://lopezunwired.com
SHARE
WITH:
Comments (1) | Post a comment