Voice Over IP (VOIP). This type of technology can save money in an organization due to less travel expenses.
A few security risks that organizations, like mine, should be aware of prior to use would be:
- “Internet based; packet sniffers can grab unencrypted traffic
- VoIP security is only as reliable as the underlying network security
- Denial of Service (DoS)
- More ports open (Ruck, N.d.)”
While there are quite a few risks involved with VoIP these would be tops to discuss. VoIP is “internet based” and some can utilize VPN for a more secure line. However, when you use VPN “the result may be delayed VoIP packets. This will cause delay and jitter on the VoIP phone (Ruck, N.d.).
“One simple cause of security issues with a VoIP implementation has little to do with the telephony system. If an existing network has security vulnerabilities, these can be exploited once VoIP is implemented. As it stated, “VoIP security is only as reliable as the underlying network security (Ruck, N.d.)”.
DoS and “more ports open” is as it states. “Out of the box VoIP implementations may leave TCP/UDP ports unnecessarily open and without sufficient monitoring (Ruck, N.d.). Just like any computer service, “unnecessary ports and services should be shut down, and the network should be properly patched for newly discovered vulnerabilities (Ruck, N.d.)”.
“All too often, products release to market without well thought out security” should be looked into prior to just adding to one’s organization. Below are a few tips to help:
- “Remediate vulnerabilities prior to your VoIP implementation.
- Make sure your firewall is VoIP aware.
- If you use an IDS/IPS, you can try to run VoIP behind it
- Have your vendor write up a recommended patching methodology (Ruck, N.d.)”