Wednesday, 2 February 2011

VoIP Security

In a recent article for Fox Businesses Joshua Daymont of Securisea Inc revealed that the number of hacking attacks against VoIP system had shown an increase over the last 12 months. Threats posed include listening in or recording phone conversations, stealing sensitive information, and phone hijacking to make expensive overseas calls.

So what should business owners and managers consider:

Changing the Default Password:

The first thing any business should do when set up with VoIP is to reset the account’s default passwords. Leaving the default password intact happens far more frequently than it should.

Encryption:

A business absolutely needs to use some sort of data-in-transit-encryption for its service. This makes sure the voice that’s travelling over the line in the form of data is encrypted, preventing a hacker from listening in on the conversation. Encryption will also keep thieves from using your VoIP connection to make costly overseas calls.

DoS Mitigation Planning:

Because VoIP phone lines transmit via the Internet, they are vulnerable to denial of service attacks (DoS). So planning for a DoS is important and should be considered with your provider.

Don’t Piggyback:

Businesses that use the same router for both VoIP and Internet service (i.e., “piggybacking”) leave themselves vulnerable to hackers. An unencrypted VoIP router can be a hacker’s way into a network. VoIP should always have its own data line.

Beware of VoIP Phishing:

Users should be aware of fraudulent calls known as phising

VoIP hacking poses a real threat so as with any internet service planning and vigilance is necessary.

Joshua Daymont is the principal of Securisea, Inc., an independent information security company that provides security reviews, vulnerability testing, audit assistance, training and advisory services to US and international companies in several verticals. He is a highly regarded national authority on cybersecurity issues for businesses and has presented his research at BlackHat and other prestigious conferences. www.securisea.com

No comments:

Post a Comment