The UK’s SMEs are increasingly using Voice over Internet Protocol (VoIP) in order to cut call costs. Alongside cloud computing, VoIP is a key component in today’s flexible, low cost infrastructure that is supporting business agility and growth. Yet while businesses are increasingly confident to deploy these technologies, far too many are failing to understand the associated risks. The clue is in the name – Internet Protocol. VoIP is not just a new, lower cost telephone system; it using the Internet data connection to provide a voice service – and should be treated as such in terms of security and usage policies.
Unfortunately, most companies are currently blithely deploying VoIP without even considering the security implications. The result is a door wide open onto the server, which is used to host the VoIP service – the same one that is probably used for the rest of the business, and a fundamentally compromised business infrastructure.
In fact, the risk goes far beyond hackers using this unsecured route into the business to access corporate data; the biggest problem associated with VoIP today is so called toll fraud – or more to the point call-jacking. Essentially, a hacking team sets up a number of premium rate lines; gains access to an unsecured VoIP network; and sets up automated dial-ups. Over the course of a weekend, such attacks have been shown to leave the SME with a bill which can run into the £10,000s * and a debt that could easily tip it over the edge. To add further context, the Communications Fraud Control Association’s (CFCA) Global Fraud Loss Survey attributed $8 billion a year to toll fraud globally – and $1.2 billion of that is in the UK.
The fact is that, historically, the industry has been guilty of sweeping the issue under the carpet due to both the perceived cost of voice firewalls – Session Border Controllers (SBCs) – and because VoIP purchase typically falls between the telephony and data teams – security just hasn’t come on to the agenda.
However, It is time for organisations to change this outdated thinking and exploit the latest generation of cost effective, indeed freemium, voice firewall products now available. And with the voice firewall in place, an SME also has the foundation for the multi-layered security model required for every aspect of the infrastructure.
VoIP is hugely compelling and with the rise in excellent broadband connections, growing numbers of SMEs will opt for this low cost approach. However, any Internet related deployment demands security – and it is only by applying the same level of rigour to voice security that has become standard practice across data networks that SMEs will truly gain the value of VoIP without running the risks of business damaging breaches or call jacking.
By Paul German, CTO & Founder, VoipSec
About Voip
VoIP is short for Voice over Internet Protocol.Voice over Internet Protocol is a category of hardware and software that enables people to use the Internet as the transmission medium for telephone calls by sending voice data in packets using IP rather than by traditional circuit transmissions of the PSTN. VoIP takes analog audio signals from your phone and turns them into digital data, and transfers them over the Internet. VoIP works just like a regular phone, but instead of using the high priced telephone company’s wiring, VoIP routes your phone calls directly to your telephone using your high speed internet connection.
- http://www.bbc.co.uk/programmes/b04wwcp4 (ref. approx 23:05 minutes)
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.