We are living in a world where almost a third of all businesses and home users in America are utilizing some form of VOIP technology. This may be to empower whole calling centers, or alternatively it may be on a smaller scale for inter-departmental communication.

2008 saw a record growth year in VOIP technology, and it also saw attacks against VoIP networks increase exponentially. As a result, many corporate networks whilst protected against internet-based attacks are still vulnerable against VOIP targeted breaches.

It is surprising to see the lackadaisical approach to security that many organizations are taking. In three years, analysts predict that VOIP will overtake traditional PSTN technology, and given the vulnerabilities of VOIP, organizations need to ensure that they have acted appropriately in order to mitigate the security risks.

What are the Security Risks of VOIP?
VOIP is an IP-based technology. Given the fact that data travels throughout the internet, this means that it is vulnerable to multiple points of interception unlike that of PSTN communications, which have remained relatively, secure in comparison.

IP Data is Vulnerable to Eavesdropping. Because many businesses are using VOIP equipment to conduct sensitive business transactions, they are becoming victims of direct man-in-the-middle attacks. Such attacks are preventable with good security policy.

VOIP Networks are Vulnerable to Direct Attack. Malicious attacks are increasing that are targeted specifically to VOIP networks. These attacks normally flood VOIP traffic to try to cripple the organizations infrastructure and effectively it allows attackers to gain unlawful access to information systems.

Given the main risks of VOIP technology, organizations have had to develop truly multi-layered security policies, which can safeguard voice and data systems at the same time. A typical multi-layered security policy does not aim to stop attackers entirely, but uses technologies such as VOIP encryption and file encryption to ensure that if networks are breached, then sensitive information will never be vulnerable.

Wireless networks have popped up in every town, every city and almost every corporation. Our government relies on thousands of networks nation-wide due to their flexibility and ease of installation.

However, wireless networks are also a way for potential attackers to gain access to whole clusters of computers that are constantly transmitting sensitive data. All it takes is for an attacker to acquire a network key and they effectively have all that is required to destroy corporations and steal identities.

In general, the importance of wireless access key security is grossly under-estimated. Many home users have installed networks for their own convenience, only to find out that they have been cracked in seconds due to the much-flawed WEP security protocol.

This has allowed hackers to eavesdrop on all information that is being sent over the network from a nearby physical location in relative safety. This has allowed many “war-drivers” to effectively invade whole neighborhoods of wireless networks and take copies of potentially dangerous information.

In a corporate world, wireless networks are ordinarily secured to an extent where access is restricted to authorized computers only. This has done a great deal in limiting drive-by attackers from penetrating the network, but there is a great deal of negligence when it comes to ensuring that wireless network range is limited to specifically targeted areas. As a result, attackers can target even corporate wireless networks and in some cases, even the apparently strong security can be breached.

Wireless network encryption is only part of the issue as it is not a case of inadequate technology, but over-reliance on a single point of defense – i.e. wireless network keys. Any experienced security analyst will be the first one to advocate the use of multiple points of defense, from firewalls to intrusion detection systems and of course by using third party encryption products, such as the freely available Gold Lock Desktop.