Q

Will VoIP attacks result in more than just spam?

Today's enterprises are seeing VoIP installations of every scale. Mike Chapple explains why that means attacks with results far more serious than unwanted messages.

Aside from spam, what kinds of damage can VoIP attacks do?
As I wrote in a recent SearchSecurity.com article, I expect that VoIP attacks will proliferate in the near future. We're beginning to see VoIP installations of every scale. Personally, I no longer have access to a traditional landline telephone. Both my home and business telephone services now use VoIP technology.

You mentioned spam as a potential result of a VoIP attack, but I believe that's the least of our concerns. Honestly, we're bombarded with spam every day -- by email, fax and telephone -- and already have effective means of ignoring it. On the other hand, there are a few significant risks that could result from a VoIP attack:

  • Eavesdropping -- Once voice traffic is rerouted over an IP network, the risk of eavesdropping becomes much greater than it would be on a traditional copper network. Without using encryption, anyone with access to a local or remote network segment carrying your traffic may be able to intercept it.
  • Denial-of-service risks -- It's much easier to carry out a denial-of-service attack on an IP network than on the commercial telephone network. If an attacker directs a botnet to flood your network with traffic, it could crash the data and voice networks at the same time.
  • Call rerouting -- If an attacker manages to compromise your call manager (or perform a man-in-the-middle attack between your phone and the call manager), that person has the ability to reroute your calls. If the attacker uses this method judiciously (say, to reroute your pizza orders from Papa John's to Dominos), you might not even notice that it occurred. On a more serious note, this type of attack could be used in a selective manner to deliberately misdirect important calls. For example, if you have a fax machine connected to your VoIP system, an attacker could reroute outbound faxes to his own system and then forward the faxes to the intended recipient after storing a copy for himself. The intended recipient would still receive the fax, so you'd have no reason to believe anything was amiss.

Overall, the use of VoIP increases your risk profile. I suggest that you read my advice on combating enterprise VoIP risks before designing a deployment for your organization.

More information:
  • Get the latest news and expert advice on VoIP security.
  • A SearchSecurity.com reader asks security management expert Mike Rothman, "Has FFIEC made any VoIP-specific mandates?"
  • This was first published in April 2008

    Dig deeper on Network Protocols and Security

    Pro+

    Features

    Enjoy the benefits of Pro+ membership, learn more and join.

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    0 comments

    Oldest 

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    -ADS BY GOOGLE

    SearchCloudSecurity

    SearchNetworking

    SearchCIO

    SearchConsumerization

    SearchEnterpriseDesktop

    SearchCloudComputing

    ComputerWeekly

    Close