|
VoIP: cashless talk costs lives |
|
|
|
Thursday, 13 December 2007 |
|
VoIP security? A contradiction in terms.
The SANS Institute, which I’m pleased to learn is the (soi-disant) “most trusted & by far the largest source for information security training, certification & research in the world” is trawling the IT world to reveal VoIP security fragilities. Or, if you want to be critical, it has talked to fewer than six dozen UK IT managers to create a world view.
The SANS Institute says: “We offer renowned Computer, Software & Network Security Training, Certification through our GIAC affiliate, Free Resources for Research & Global Incident Response, In-depth Training in Computer Security, Firewall Protection, Hacking, Intrusion Detection, CISSP CBK & more.” And now it has laid down ‘naughty boy’ measures in the VoIP world.
This global colossus now says that its “experts have warned that the rapid adoption of systems in order to achieve cost savings has led many organisations to overlook vulnerabilities such as VoIP phishing scams, eavesdropping, toll fraud, or denial-of-service attacks.”
More from the oracle: “The research which was carried out by NetIQ amongst 66 IT managers either using or planning to deploy VoIP systems in mid to large enterprises, reveals that more than half of all respondents (59%) rated as “low” or “very low” the threat of viruses or worms attacking their VoIP system. Spam over IP (SPIT) and SIP compromises were equally low on respondents’ radar with only 12% and 18% of respondents, respectively rating these as “high” or “very high” security threats. Just 24% of those surveyed were concerned with DoS or toll fraud.”
66 UK IT managers can’t be wrong, can they? Repeat after me: crap quality and crap security equals VoIP. Next? VoIP is good: but not when its entrusted to a prat with a 2.0 USB plug in his hand.
Jim Chalmers
|
