liGo NEWS

Is VoIP Able to Defend Against Attacks? Part III

Aside from these complications involved in installing and operating VoIP networks—from cordless phones with integrated VoIP capabilities as well as other VoIP consumer electronics—there is also a very real possibility that businesses may inadvertently end up throwing away more money than they initially intended. One simply has to take a gander at the costs that may incur from having to secure additional security technologies to know that there is quite a good chance of this happening. A considerable number of VoIP technologies admittedly exhibit merely adequate security levels, that in some cases, are simply not enough to protect valuable information without security add-ons, shares Simmonds.

“With regular VoIP, you need to talk to some sort of VoIP exchange, the protocols being used out of the box are really insecure and there’s little authentication built in,” expounds Simmonds. “If you take a standard, out-of-the-box VoIP, a nice Linksys VoIP DECT phone, it’s got web content with default passwords using HTTP, not HTTPS.”

Skype at Work

Meanwhile, Skype, which its creators had planned to be a home version of PC-based telephone communication, can also provide a load of snags and hassles for system administrators. This happens when end-users who are at work start to download the messaging platform. On questions regarding if some IT professionals do support Skype or not, Tim Mather, who is the present chief security strategist for RSA Conferences, expresses the thought that “a better way to put it is that it’s being tolerated in a lot of places, meaning that IT pros will be tolerant of it, but not support it.”

He adds, “If I’m traveling from point to point, and I want to call back home to a loved one here in the states, I don’t have to charge it to my phone card.”

End-user adoption of Skype at work is capable of instigating considerable damage to a corporation’s operations if it leaves the company wide open for a data breach. Still, since it’s one technology that’s at a relatively inchoate state to date, Skype is still untested by a number of IT professionals. So there’s a genuine and strong possibility that solutions may later be found, says Endler.

“You can spoof caller ID very easily. You might be able to know who’s calling you within your organisation,” states Endler. “Skype is adept at getting through corporate firewalls and having information leaving in a way that you can’t monitor it. A lot of people have legitimate concerns over Skype.”