Digital phones: Is someone listening in?
September 2, 2010 by Steve HannafordPosted in: In this week's e-newsletter, Latest News & Views, Security
Internet-based telephony (known as VOIP, or voice over Internet Protocol) is being adopted in businesses across the country, thanks to its promise of lower monthly costs and easier administration, along with a set of productive software features (such as FollowMe call routing, voice mail e-mailing and phone number portability).
It looks very likely that this technology will completely replace analog phones in the not-too-distant future, at least in most companies.
But with every advance comes a new threat. With analog phone message interception, the hacker has a few conventional ways of getting on the system, whether by breaking into your office and attaching a bug or by tapping the main phone trunk liens or exchanges. These are high-expertise, high-cost attacks.
But, as one analyst points out, “Unfortunately, phone calls from your computer are fundamentally different from phone calls from your telephone. Internet telephony’s threat model is much closer to the threat model for IP-networked computers than the threat model for telephony.”
A lone hacker with a. few software tools (such as a packet sniffer) can, with far less difficulty, intercept your calls at multiple points along the transmission. Digital voice data can be intercepted by establishing a spyware application on your network and the data can be sent out for monitoring to anywhere on the Internet with no wire-cutters or alligator clips required.
Experts in the business strong recommend encryption when using a VOIP system. There is a range of solid tools for making sure that voice transmissions, as they go over the Internet, are almost impossible to use if intercepted. Some are third-party programs, others are vendor-specific.
Tools for data encryption are widely available, but according to one report, they are rarely used.
Note that encrypting a phone call involves having both sides capable of encrypting and decrypting data. That means that encryption works best within the company, such as in organizations that already have a VPN (Virtual Private Network) set up to protect text-based data transfers. It is also possible to coordinate encryption with out-of-local-network people you frequently exchange calls with.
Encryption is just one part of the security issue. An even bigger threat is simply put a Trojan Horse program on a PC or a server that intercepts the call before it is encrypted or after it is decrypted. That means you must make sure that your basic antivirus protections are strong, and that you get expert in monitoring network activity.
Your VOIP provider should offer you services for setting up and monitoring security. If they don’t have that kind of expertise and are incapable of consulting with your company about t, you have a problem.
DocuCrunch.com delivers the latest IT and Imaging news once a week to the inboxes of over 200,000 IT and Imaging professionals.
Click here to sign up and start your FREE subscription to DocuCrunch!
Tags: encryption, phone calls, Voice over IP, VOIP
Loading ...
