VoIP Security

Voice over Internet Protocol (VoIP) security is an emerging issue now, but it is only a matter of time before the risk rises to a level that demands action. VoIP is susceptible to the same dangers as data networks that use the Internet. At risk: any telephone conversation traveling on the company network; sensitive information; deals; strategies; and company secrets.

In July 2005, Internet Security Systems (ISS) issued an alert to warn users of a security flaw in Cisco's VoIP product which could permit hackers undetected entry to a VoIP network. ISS found an implementation flaw in Cisco's Call Manager, which handles call signaling and routing.

In a financial institution guidance letter, the Federal Deposit Insurance Corp. (FDIC) cautioned banks on VoIP security risks: "If improperly implemented, VoIP can pose significant operational risks to financial institutions." The FDIC advised management to "perform a comprehensive risk assessment before implementation to ensure the confidentiality, integrity and availability of voice communications using VoIP technology."

The National Institute of Standards and Technology issued a report stating that federal agencies and other organizations that are considering switching their telephone systems to VoIP should proceed with caution and carefully consider the security risks.

Most corporate VoIP systems are closed, with no Internet connection, and thus do not yet face major security threats. Nonetheless, many organizations are already considering ways to secure their VoIP networks. In addition, employees can download and use VoIP programs like Skype. This type of peer-to-peer program allows free computer-to-computer VoIP calls over unprotected Internet connections. Employees may find these programs convenient, and management may overlook legitimate use of the program because of the cost savings, but those calls are open to hackers. To address this risk, some companies block the download of such programs and monitor the software installed on employee computers.

Posted by Brian Wong
