As applications become more widely deployed, the risk of attack grows. No one would consider connecting a web server or email server to an IP network without effective security, yet many VoIP systems are running without security controls. If anything VoIP systems and applications are more susceptible to attack than standard IP applications; the applications are more complex, VoIP is much more time sensitive than other IP application and there are more attack points (phones and infrastructure components).
The standard response, that "my VoIP network is not at risk because it has no external connections" overlooks some key facts.
- with increasing Voice/Data integration it is hard to maintain this level of isolation
- not all attacks and threats originate from the outside world
- the technologies used for separating VoIP and data networks may have flaws
Running a VoIP network without adequate security risks compromising the security, integrity and continuity of the service. We rely on the phone for both business and personal use. Disruption, loss of service and the risk of loss of confidentiality is both unacceptable and can direct financial consequences.
The security assessment services provided by VoIPCode.org look beyond the obvious IP threats and vulnerabilities, focusing on the VoIP specific threats that have the greatest potential for disruption.