VoIP Security Threats Identified for 2009

Mark Collier, chief technology officer and vice president of engineering at SecureLogix, expects the number of Voice over Internet Protocol (VoIP) deployments to slow this year, thereby leaving the rate of VoIP attacks unchanged.

In summarizing his predictions—identified in the “VoIP Security Trends and Predictions for 2009" annual report posted today to Collier's popular VoIP security blog at www.voipsecurityblog.com, Collier noted “the poor economy will slow the adoption rate for VoIP and unified communications (UC), and the rate of pure VoIP attacks will be basically the same as in 2008. "

Denial of service (DoS) attacks, including floods, fuzzing, etc., will continue to be the biggest vulnerability for VoIP/UC deployments, though attacks will not be very common, he continues. "However, I think the real voice security story through 2009 will be the continued increase in the types, frequency, and severity of application-level attacks against traditional and VoIP/UC voice systems, such as toll fraud, data network penetrations via modems, phone-based social engineering and identity theft, fax spam, and harassing or threatening calls.”

Collier added that “a larger transition to VoIP/SIP trunking at the enterprise network edge is the real lynchpin that will escalate the number and frequency of pure VoIP attacks in the future. While I think we’ll see a small increase in the adoption of SIP trunks in 2009, most enterprises will continue to use T1 or ISDN/PRI trunks for off-campus calls, thereby keeping VoIP security threats as largely an internal network risk or concern.”