ZDNet UK / News and Analysis / Infrastructure / Networking

Businesses failing to secure IP telephony

By Richard Thurston, ZDNet.co.uk, 24 October, 2007 17:36

Daily Newsletters

Sign up to ZDNet UK's daily newsletter.

Topics

Eric Vyncke, Cisco, ip telephony, NAT

NEWS

Businesses are failing to secure their IP telephony networks because of a lack of knowledge, according to one veteran VoIP engineer.

Eric Vyncke, author of LAN switch security: What hackers know about your switches and a distinguished engineer at Cisco, told an audience of security experts on Wednesday that insecure networks could fall victim to hijackers and hackers.

"Nearly nobody is deploying secure IP telephony," Vyncke said, speaking at the RSA Conference Europe 2007 in London. "Why? It's a lack of information."

Vyncke added that, five years ago, a lot of businesses had become deeply worried about securing IP telephony and, as a result, most had chosen not to deploy the technology.

"A lot of customers freaked out," Vyncke said. "They were only receiving one message — that IP telephony is insecure."

At that time, IP telephones could not be authenticated and there was no way to check the integrity of a device. But the technology has since improved, Vyncke said.

The engineer recommended the use of certificates for each phone, but said that the IT department must be able to revoke them if the handset is stolen or returned to the manufacturer.

Vyncke also highlighted potential problems with firewalls blocking encrypted IP telephony traffic. To help prevent that, it is advisable that the signalling and media streams are prevented from diverging, he said.

Read this

Feature
Tutorial: Creating a secure and reliable VoIP solution

Increasingly widespread, it is important to be aware of measures which can increase VoIP's security and reliability...

Read more +

Vyncke added that two techniques have been developed which could help to solve the problem: the Stun protocol (Simple Traversal of User Datagram Protocol through Network Address Translators) and ICE (Interactive Connectivity Establishment — a wider framework developed by standards body the Internet Engineering Task Force, or IETF).

IT professionals should bear in mind that some IP telephony deployments which run over multiple domains can run into difficulties, said Vyncke. In 10 percent of cases, the firewall cannot see the signalling, he added.

"There are issues with IP telephony," Vyncke said. "But you can secure it."

Related stories

Schneier: Beware security products

Businesses urged to tackle VoIP and Wi-Fi threats

Designing a basic Asterisk VoIP system for SIP clients

Can small businesses rely on VoIP?

Ofcom to make it easier to change broadband service

Post your comment

In order to post a comment you need to be registered and logged in.

You can also log in with Facebook. Log in or create your ZDNet UK account below

  • Login

Will not be displayed with your comment

By signing up for this service, you indicate that you agree to our Terms and Conditions and have read and understood our Privacy Policy. Questions about membership? Find the answers in the Community FAQ

Get ZDNet UK's daily newsletter

Enter your email address to sign up

ZDNet UK Live

txtrainguy

Replying to an old topic that I'm currently facing with my CEO (who is on a Mac). Our servers are primarily Windows Servers, office is about...

1 hour ago by txtrainguy on Windows Server 2008 drops the ball for Mac compatibility
k0tcs3

Sure, that makes perfect sense. Pay wrong-doers money and thank them for breaching your security and pointing out your flaws, that would surely...

2 hours ago by k0tcs3 on US indicts Romanian over NASA climate change hack
Random_Error

I think he's referring specifically to Android apps, as Apple do regulate their App Store, but Google seem to let any old crap onto the Android store!

2 hours ago by Random_Error on RIM: BlackBerry will keep 'garbage' apps out of store
Paul Fezziwig

Keep the crap apps out?! How will they compete with Android and Apple's claim to fame of having so many life changing apps? I wonder if the media...

7 hours ago by Paul Fezziwig via Facebook on RIM: BlackBerry will keep 'garbage' apps out of store
Aigars Mahinovs

It has been shown time after time that if there is an author store that sells the songs at even 1$ per song and gives you a high-quality digital...

8 hours ago by Aigars Mahinovs via Facebook on Copyright isn't working, says European Commission
awbMaven

""As a result of Butyka's alleged conduct, researchers were unable to use the computers for more than two months while NASA removed the malicious...

10 hours ago by awbMaven on US indicts Romanian over NASA climate change hack
subhorup

It simultaneously worries me and uplifts me that a self-proclaimed group of internet activists name themselves after Indian mythical figures....

19 hours ago by subhorup on Anonymous activists release PCAnywhere source code
naviathan

It's actually far easier to work anonymously on the internet than you think. With tools like Tor bouncing your traffic around the world before...

22 hours ago by naviathan on Anonymous activists release PCAnywhere source code
Agnostic_OS

1000272134 and bluedalmatian with you both there but then I'm still in 10.04 land (and happy with it)

22 hours ago by Agnostic_OS on Ten factors that make Ubuntu 11.10 a hit
apexwm

Interesting article and definitely see your points on the products mentioned. One of the top products for our Help Desk (approximately 20% of all...

1 day ago by apexwm on Ten flawed products that derail productivity
Paul Hutchinson

Absolutely - this should obviously not be handled my isp - but handled by their hosting operator. What's been suggested here is that my isp police...

1 day ago by Paul Hutchinson via Facebook on MPs urge ISPs to take down terrorist material
Techs UK

Looks like a great phone. I don't notice any deficiencies in WP7. used IOS before, that's pretty good. I don't spend much time in Apps, all i need...

1 day ago by Techs UK on Nokia pins US 're-entry' hopes on Lumia 900
Larry Bloggy

Now with the help of these apps you are always synced with MS outlook while on the move. Just download apps like xobni or outlookreflex and get...

1 day ago by Larry Bloggy via Facebook on Outlook Social Connector beta 2 and the LinkedIn connector
mike40g123

Your details are wrong. The version currently being made is the one with 2 USB ports, 256MB RAM and a network port. This is the Model B. The...

1 day ago by mike40g123 on Raspberry Pi boards set to go on sale
Moley

The thing that has been puzzling me for quite a while is how Anonymous can remain anonymous whilst not only being active on the Internet but also...

2 days ago by Moley on Anonymous activists release PCAnywhere source code
Don Dilly

If what Semantec is saying is rue, that is even worse and shows a complete disregard for thier users. If what Anonymous claims is true and the...

2 days ago by Don Dilly via Facebook on Anonymous activists release PCAnywhere source code
MattChurchy

Didn't seem particularly biased to me either. Oh though you might have mentioned some other competitors with free search and email services...

2 days ago by MattChurchy on Time for an evil umpire: Google, Microsoft & privacy
Simon Bisson and Mary Branscombe

James - exactly as much as anyone paid you for your comment; I don't feel that I need to say that I'm independant and unbiased, but just for you...

2 days ago by Simon Bisson and Mary Branscombe on Time for an evil umpire: Google, Microsoft & privacy
Carl White

Once they realise symantec are willing to pay real money, they will simply keep extorting, unless of course symantec/authorities can use the...

3 days ago by Carl White via Facebook on Symantec offered hackers $50k in source code sting
Jonathan Hassell

You can find more information on BS 8878 by Jonathan Hassell its lead-author at http://www.hassellinclusion.com/bs8878/ The page includes a...

3 days ago by Jonathan Hassell on BSI publishes first British web accessibility standard

Latest in Networking

Ofcom to make it easier to change broadband service

Google set to build backbone of its 1Gbps fibre network

Nicira reveals network virtualisation details

Featured white papers

Optimize Application Delivery for Global Deployment Of SAP

Blue Coat Systems

Optimize Application Delivery for Global Deployment Of SAP

Read this white paper to learn how optimising your network can make mobile and remote access to BI tools work, and work well, even on a global... Read more

12 tips for better video conferencing

Citrix Online

12 tips for better video conferencing

Whatever benefit your organisation finds in video conferencing, this Citrix Online white paper shows that while your success may begin with great technology, but it doesn't end... Read more

Three tips for better remote working

Imation

Three tips for better remote working

Is your business transitioning to a more remote workforce? This white paper outlines the three ways to efficiently and cost effectively enable... Read more

Inside ZDNet UK

Cabinet Office: no lobby influence on open standards

Cabinet Office: no lobby influence on open standards

2012 Predictions: VCE FastPath, VI SAN Probe & Hadoop

2012 Predictions: VCE FastPath, VI SAN Probe & Hadoop

BlackBerry Bold 9790

BlackBerry Bold 9790

2012 Olympics: Is your business prepared?

2012 Olympics: Is your business prepared?

Ten factors that make Ubuntu 11.10 a hit

Ten factors that make Ubuntu 11.10 a hit

Toshiba Portégé Z830-10P Review

Toshiba Portégé Z830-10P Review

BT's archive: Pictures from the vault

BT's archive: Pictures from the vault