Organisations that use a single network to transmit telephony and data services should take precautions to protect against business continuity threats, a leading security body has warned.
Security | 23 Jan 2006 :
Data and voice convergence brings host of new threats
Adoption of
voice over IP (VoIP) telephony could present companies with sophisticated
security threats, including caller ID spoofing, denial of service (DoS) attacks
and voicemail spam, said the Information Security Forum (ISF).
The ISF, an
association of 270 leading businesses, also said many of its members are
concerned that organised criminals will try to sabotage firms by bringing down
phone systems through DoS attacks and by spreading viruses.
“There are all
the same risks that we are meeting already with data networks, such as viruses
and worms,” said ISF consultant Nick Frost. “But then there are new scams such
as caller ID spoofing and spam over internet telephony.”
The report
warns that spam over internet telephony is one of the most dangerous threats
resulting from the increased use of VoIP.
“In the past,
spam via email was the preferred route because it was easy and free, whereas
sales calls over the phone cost money and were traceable,” said Frost. “But now
we have internet telephony this is cheaper for spammers.”
Internet
telephony spam could also lead to reduced productivity, because staff would
spend more time deleting unwanted calls. In extreme circumstances it could
overload systems and cause downtime.
“What is a
great idea with great functionality could become a burden,” said Frost.
Other risks
from VoIP include the interception of sensitive telephone calls, redirection of
calls and packet injections, where words are inserted into the data stream
mid-conversation, said the ISF.