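Among the threats that keep IT security managers up at night, attacks against phone systems have often ranked near the bottom. The last time we asked IT leaders about their telephony security plans, just 2% had experienced a security incident, and in almost all of these cases, the attack was internal misuse of phone systems for personal long-distance calls. Few had developed any sort of comprehensive security or risk analysis plan covering their voice systems.
Even the migration of digital phone systems to IP over the last several years has done little to raise security concerns. The ability to support encryption is a line item on every RFP, but organizations rarely enable it in practice. Instead, most architects rely on the assumption that because their IP telephony systems are separated from the public telephone system by TDM-to-IP gateways, and logically isolated from internal applications via separate VLANs, they are safe from attack.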
They couldn't be more wrong.
Thanks to SIP trunking, unified communications, and fixed-mobile integration, the walls around telephony systems are falling, exposing critical communications to new risks, new vectors of attack, and a need for proactive security approaches.
SIP trunking deployments rose 61% in 2009, while 96% of the more than 200 companies participating in our research benchmark are either planning future deployments or evaluating services. SIP trunking provides a direct IP-based interface between a public network service and an enterprise's on-premise telephony/UC platforms, raising security concerns. As a result, more than 74% of companies are either deploying, or planning to deploy SIP-aware security devices such as firewalls or session border controllers as part of their SIP trunking initiative.
Meanwhile the old idea of isolating voice onto its own VLAN to protect it from other network threats is gone thanks to unified communications. With deployments of UC clients encompassing voice, video, and chat into a single application, it's virtually impossible to isolate voice traffic from other application traffic. As a result, most voice/UC deployments now include application optimization to prioritize voice services ahead of other network traffic, protecting voice during denial of service or other attacks that constrain available bandwidth and processing power.
Finally, an increasing number of IT leaders tell us they are taking another look at IP telephony plans based on replacing digital phones with IP handsets, finding that these plans are falling out of sync with a growing virtual and mobile workforce that spends less and less time in a fixed office. Instead, IT leaders increasingly seek to leverage technologies such as softphones and fixed-mobile integration to enable their workers to use their cell phone just as they would use a desktop extension. FMC raises significant security concerns, not only from the need to allow access to enterprise telecom systems from devices residing on public networks, but also because of the need to protect data stored on a mobile device in the event of loss or theft.
The bottom line? The old calculation based on "I'm safe, because I'm isolated" no longer adds up. Security and telecom managers who neglect voice do so at their own peril.
Lazar is vice president and service director at Nemertes Research and is filling in for Andreas Antonopoulos this month. Andreas will be back soon.