The VoIP industry has matured tremendously in the last decade. The technology that was once solely used by consumers to make free phone calls is now being adopted by mainstream business organizations. VoIP has grown from being just another alternative among various communication channels to the stage where it is replacing legacy telephone systems completely.
Unfortunately, the massive growth has also attracted the attention of hackers. Several high-profile attacks targeting prominent VoIP vendors have underscored the need for organizations to take a closer look at their security policies. As the frequency and intensity of such attacks has grown, so has the demand for security analysis tools. Many network administrators are turning to their service providers to help them combat fraud and other malicious attacks.
Carriers have been quick to respond and provide professional assessment reports for VoIP implementations. Security assessments can cost tens of thousands of dollars and are usually bundled together with deployment costs. Moreover they need to be undertaken at regular intervals to ensure that security has not been breached. Such services usually include analyzing system architecture, testing the reliability of security protocols and firewalls as well as a comprehensive review of the network and various devices on it.
Which brings us to the question: Are these security assessments really necessary or is it just another buzzword being used by carriers to promote their services? The answer depends upon the size and complexity of the particular VoIP implementation in any company.
Small and medium businesses that subscribe to hosted VoIP usually do not need the security reports. Since the service is managed off-site by the provider, the responsibility of maintaining secure networks also falls on them. There is not much that their clients can do apart from keeping the physical devices safe and make sure that accounts are not compromised by employees due to weak or lost passwords etc.
However, organizations that use their own IP PBX with a SIP trunk can benefit enormously from periodic analysis of their networks. Often IT administrators cannot see the weaknesses in their own system and need an outsider’s perspective. In other cases, security might not have been given sufficient importance or vulnerabilities might have crept in during the implementation phase. A professional analysis of networks ensures that there is no single point of failure and any holes in the system can be patched before hackers can take advantage of them.
Consolidating voice and data traffic onto the same network offers several advantages but also introduces new threats. Organizations need to be proactive in identifying and managing their networks or risk becoming the next target.