IT managers complacent about VoIP infrastructure security threats

(04/01/2008)

A recent survey conducted by NetIQ, examining the use of VoIP today within organisations, has revealed that many IT Managers are turning a blind eye to security threats which could compromise their VoIP infrastructure.

The findings come as the SANS Institute in its annual round up of the most significant risks facing end users, recently announced that VOIP servers and phones ranked within their top 20 security risks for 2007. Their experts have warned that the rapid adoption of systems in order to achieve cost savings has led many organisations to overlook vulnerabilities such as VoIP phishing scams, eavesdropping, toll fraud, or denial-of-service attacks.

The research which was carried out by NetIQ amongst IT managers either using or planning to deploy VoIP systems in mid to large enterprises, reveals that more than half of all respondents (59%) rated as “low” or “very low” the threat of viruses or worms attacking their VoIP system. Spam over IP (SPIT) and SIP compromises were equally low on respondents’ radar with only 12% and 18% of respondents, respectively rating these as “high” or “very high” security threats. Just 24% of those surveyed were concerned with DoS or toll fraud.

Whilst the majority of respondents had a firewall in place to secure their infrastructure, less than half had installed security management specifically designed to protect and secure their VoIP system. With analysts predicting 1.2 billion VoIP users by 2012 [1] NetIQ is urging IT Managers to fully assess the threats and ensure they have taken appropriate security measures before deployment.

Ulrich Weigel, Chief Security Strategist for NetIQ comments: “The survey highlights a worrying complacency amongst organisations which have either already deployed or are about to install a VoIP infrastructure. Whilst the advantages in terms of cost savings are a huge incentive I’d urge organisations to carefully consider the potential vulnerabilities which can exist in the network and even in the phones themselves. The main focus for organisations has traditionally been on ensuring voice quality and performance, but vigilance with security – and taking measures such as encrypting voice services and performing regular security audits - is equally important.”

In terms of performance the survey revealed more positive results with 60% of respondents rating high or very high levels of overall user satisfaction and a similar number (59%) rating the levels of cost savings that had been experienced as highly satisfactory.

Related topics:  Application and software security   Firewall   Hacking and intrusion prevention   Network Security   Security management and policies   Security threats and vulnerabilities   VPN 

Print version | Email to a friend | Related articles

Data breaches: Trends, costs and best practices gives you all the latest information on securing personal and corporate data, key recommendations for immediate action to improve data security, and how to respond to data breaches.

Other Security news and resources