VoIP: Paying the price for cheap calls

• Tags:
• VoIP

Cath Everett ZDNet.co.uk

Published: 08 Aug 2005 17:10 BST

• 
• 
• 
• 
• 

Depending on who you talk to these days, the security issues around IP telephony are either likely to bring about Armageddon or are massively over-hyped.

One man firmly in the former camp is David Lacey, the Royal Mail's director of information security and chairman of the Jericho Forum, an international group of IT user and vendor organisations that focuses on security issues. At the annual Business Continuity Expo in London's Docklands in March, he warned that "an electronic Pearl Harbour-type event will happen in 2006 or 2007" because "new technologies such as VoIP risk driving a horse and cart through the security in our networks".

Lacey's main concern was that companies may rush to take advantage of cheap telephony services without undertaking the necessary due diligence around security issues.

But analyst group Gartner takes a quite different stance. It believes that widely voiced concerns around malicious individuals being able to eavesdrop electronically on IP calls are overstated, not least because perpetrators would need to be hooked up to the same LAN as the IP phone they are targeting. The analyst firm is concerned that organisations will be put off moving to the technology because of hype designed to fuel fears and sell more security products.

So how much of an added security risk does VoIP actually pose and what is the reality between these two differing points of view?

Ian Williams, a research director at Datamonitor, for one, believes that both are correct, just in different ways. On the one hand, he points out that, as head of the Jericho Forum, which aims to both provide security best practice to peers and ensure that vendors are catering to users' needs, Lacey's views carry weight and he has no real reason to exaggerate.

"He's not just being a doom-monger. He's basically saying that people should take time to ensure that they've battened down all the hatches and have looked at the potential security implications rather than moving to VoIP in haste," Williams says.

The issue is that, when voice becomes an application, it also becomes subject to all of the same security threats as other applications on the data network and so, given its key role in enabling business communication, has to be adequately protected.

• 
• 
• 
• 

• Share this article:
• Digg
• Slashdot
• Del.ici.ous
• Stumble
• Reddit

• Most Recent
• Most Popular
• Most Discussed