IP telephony is slowly but surely becoming part of the modern day organization’s day-to day-operations. In fact, some organizations depend on it to the extent of their core business or processes based on IP communications. Sadly though, the security aspect pertinent to IP based communications network, applications, and underlying infrastructure is usually not taken into consideration (or is ignored) when enterprises and businesses think of deploying unified communications.
On the same lines of thought, why should anyone for that matter think of securing an IP telephony network? The answer is simple however manifold:
- To protect the information flowing in IP communication channels from eavesdropping and reconnaissance attacks as well as from manipulation or injection attacks.
- To ensure that the investment in their on-premise or off-premise infrastructure pays off (ROI) and doesn’t end up in a rogue’s hands, utilizing it for malicious purposes.
- To lower Total Cost of Ownership (TCO) by leveraging IP communications to offset PSTN/Toll calls and reducing Moving, Addition, Configuration, and Deletion (MACD) and at the same time, keeping conversations safe.
- Attacks on the telephony network may result in monetary and reputation loss. Moreover, it can directly or indirectly impact the business continuity and clientage.
Today, many organizations depend on a number of IP telephony services like voice calls, instant messaging, conferencing, and video conferencing. A typical IP telephony network can face several threats like toll fraud, reconnaissance attacks, eavesdropping, Denial of Service (DoS) attack, and call hijack. While most organizations do consider that their network needs protection from internal or external threats, such a notion is missing (usually) when it comes to their IP telephony applications/devices.
Read the full article at http://www.ciscopress.com/articles/article.asp?p=1966660
For more insight to Cisco IP Telephony Security refer to Cisco Press book Securing Cisco IP Telephony Networks