Hey, you're new around here aren't ya? Did you know you can every post FREE in your EMAIL or via RSS? Oh and if you're a Twit like me you can follow me on Twitter HERE. Enjoy the post.
Red Herring has a ‘brow raisin’ article on the potential security risks for businesses using VoIP. I found it to be ‘brow raisin’ not because it presented new information, but it mis-represents, mis-informs, and is filled with “half-truths” all in what appears to be nothing more then scare tactics. Yes, there are security concerns with VoIP, and I even agree with this statement,
“They should be concerned with the VoIP system’s susceptibility to the very problems faced by the data network, such as VoIP versions of spam, phishing, and denial of service attacks.”
But statements such as,
“Quality-of-service concerns have kept VoIP on the corporate intranet where it can be contained rather than on the public Internet where traffic could not be easily controlled,”
From supposed experts really kill me. This kills me because this is a half truth. Most businesses are not using skype or Vonage - they are using a business class service, a service that might include VPN connection to the service providers CO, packet prioritization, and a host of other QoS improvements. They speak as if business class service is the same as peer-to-peer.
That statement was just a warm-up to the last part of the article:
“Vendors are pushing their existing security products to businesses, but these products focus on the public Internet, which is not normally a component of enterprise VoIP networks,†said Mr. Titterington.
“In the process, they fail to meet the most urgent security requirements of enterprises, and do not address the specific risks of using VoIP over the corporate intranet,†he added.
Mr. Titterington believes that service providers should take more responsibility in informing their corporate clients of the nature of the threat and the available protections.
“Service providers have a unique and trusted position in the telephony space, so they should be more of a role model,†he said. “At the end of the day, vendors provide products people need, but traditional service providers have the primary responsibility to offer information and direction.â€
So your telling us that VoIP Security products manufacturers pushing the wrong products to businesses, neglecting the enterprise intranet, yet your putting the burden of education and direction in the hands of the service provider? Ha! Last time I checked, my traditional service provider (PSTN provider) wanted nothing to do with our corporate intranet, because well, why would they? The only motivation a traditional service provide has, in terms of “information and direction” to is to prevent corporate customers from adopting VoIP outside of the corporate intranet through mis-information, half-truth’s, and scare tactics.
My advice on VoIP Security?
Check out these sites: VoIP Security Blog, VoIP Security Podcast, VoIPSA Blog
{ 1 trackback }
{ 0 comments… add one now }
Leave a Comment