by Grant Gross

VoIP Security Debate Heats Up

Aug 01, 20052 mins
IT Strategy

Voice over IP (VoIP) telephony and malicious software for mobile devices are among the most-hyped IT security threats, according to Gartner.

Lawrence Orans, principal analyst at Gartner, and John Pescatore, vice president and Gartner fellow, say that while attacks on IP telephony and mobile devices may come eventually, vendors of security technologies and services have overblown the current danger of such attacks. They say businesspeople are worrying so much about overhyped threats that they’re not deploying technologies that can help their companies, such as wireless LANs.

These worries are, for now, unfounded, says Orans. Since eavesdroppers need access to the corporate LAN, it’s currently nearly impossible to eavesdrop on an IP telephone call without being inside of the building where the call is initiated or received. Meanwhile, says Pescatore, viruses and worms that attack smart phones and other mobile devices will have a limited impact because there is, as yet, no mobile operating system as dominant as Windows is for PCs.

The vendors beg to differ. Stan Quintana, vice president of managed security services for AT&T, says protecting VoIP networks is more complex than protecting data-only networks. Users of IP telephony need to secure not only their phones and IP servers, but also signaling and other voice equipment. Meanwhile, Vincent Weafer, senior director of Symantec Security Response, says that while mobile device security isn’t a big issue now, his company is trying to educate users. “What we’re trying to tell people is, if they’re deploying these devices, they should deploy them in the right way,” Weafer says.