Some experts are saying that VoIP in the enterprise represents serious security risks [CIO], making a company vulnerable to vishing (phishing via VoIP) attacks. One anonymous security researcher claims that bank networks will be subject to penetration and the phone lines to hijacking - thus leading to the theft of credit card numbers and bank account data.
Now I'm not a VoIP security expert, but I can make an educated guess, based on my many years of computer experience, that this guy, who goes by the pseudonym "The Grugg", is grossly exaggerating the security issues, potentially to gain some attention. It's absurd to think that banks, who have been dealing with electronic security issues for several decades now, would even think to put their data and VoIP networks on the same lines. Besides telecoms, I've worked at a big mutual fund company. Even they had backup and redundant networks, with firewalled access to account information.
While it's likely true that little technology exists at present to filter out vishing attacks, there's nothing that says a bank's data network has to run on a VoIP network. And just because a bank's telecom system is converted to IP telephony doesn't mean the data network is suddenly at risk. In fact, if someone wanted to mount a vishing attack on a bank, they could do so already using an existing VoIP system (sorry, not going to tell you how). And they would have no more or less success whether or not the bank had a VoIP network. (On the other hand, a VoIP phone system could potentially be taken offline by a distributed denial-of-service (DDoS) attack if a load balancing system is not in place.)
Despite what The Grugg (give me a break) is saying, I'm not so sure that bank data networks are at risk. Of course, I could be proven wrong, but let's hope I'm not, as this expert is saying that vishing attacks on banks will probably start later this year. I wonder how he knows this.