VoIP gives attackers more options

Firms must have good security policies to survive

Firms could face serious threats to their voice over IP (VoIP) systems in the coming months, according to the latest Internet Security Threat Report from Symantec.

The report, published in September, highlights several attacks that have already been made against legacy analogue telephony networks, which could threaten PC-to-PC calling. These include directory harvesting techniques - which can flood mail servers by using known email addresses to generate other valid addresses from ISP or other corporate servers.

Denial of service (DoS) attacks against voice servers threaten firms that do not keep legacy and IP infrastructures separate, said Symantec researcher Ollie Whitehouse. "VoIP is no less or more vulnerable than any other technology," he added. "In many ways it's becoming a victim of its own success. "

Mark Blowers of analyst Butler Group said companies should not be put off using VoIP technology - because robust security tools are available to stop potential threats.

However, Ulrich Weigel of security specialist NetIQ said technology alone would not protect firms. "People are the greatest risk in the enterprise, there's no patch against stupidity," he said, adding that training is needed to teach staff about the risks of VoIP.

Jon Collins of analyst company Quocirca emphasised that firms must ensure they have good security policies and good risk management practices in place to guard against VoIP-based attacks.