VoIP security straight talk

VoIP vulnerability is getting its due these days, what with the Skype-out, the Las Vegas hackerfest and some hefty VoIP contracts awarded. The most common VoIP protocol, H.323, is a particular target for a variety of mischief--flooding (packet inundation); logic attacks (think junk packets) hijacking (redirecting calls); etc. Sometimes the vulnerability is a result of indolence. Convicted VoIP hacker Robert Moore recently told authorities how systems could often be accessed with the passwords, "Cisco," or "admin."

The discussion about VoIP security is nothing new, but it sometimes exudes a hint of hysteria that belies the entire history of telephone communications. Phone outages are not an exclusively recent phenomena, and at one point, anybody on a particular switch could listen to anybody else on that switch at any time.

That's not to say VoIP vulnerability shouldn't be addressed. Security begins with a methodical assessment of how much protection is needed and where. A reasonably good password may suffice in some cases, while serious encryption may be called for in others.

For More:
-  Brian Prince of eWeek Channel Insider expands on a practical approach here

Related Articles
Black Hats break into VoIP systems Report
VoIP hacker gets two years Report
Nortel to build world's largest VoIP system Report