As voice over IP sweeps across the high-tech landscape, many IT managers are being lulled into a dangerous complacency because they look upon Internet phoning as a relatively secure technology--not as an IP service susceptible to the same worms, viruses, and other pestilence that threatens all networked systems. . . .
As voice over IP sweeps across the high-tech landscape, many IT managers are being lulled into a dangerous complacency because they look upon Internet phoning as a relatively secure technology--not as an IP service susceptible to the same worms, viruses, and other pestilence that threatens all networked systems.

"With VoIP," security specialist Mark Nagiel said Thursday in an interview, "we're inserting a new technology into an unsecured and unprotected environment. VoIP is essentially availability driven, not security driven, and that's the problem." But Nagiel, manager of security consulting at NEC Unified Solutions, said that there are measures that can be taken to protect voice over IP from the threats that confront Web telephoning.

The first step--an obvious one, he says--is to secure existing TCP/IP networks. Nagiel is finding that the new government-required regulations--such as Sarbanes-Oxley, which stipulates improved accounting record-keeping, and HIPAA in health care--are helping IT managers because they impose security discipline across-the-board. "The financial and health-care fields are getting secured very quickly," Nagiel said.

Even so, there can be difficulties. He noted that although hospitals' protection of patient records generally has been excellent, they often neglect to completely secure physicians' conversations. Security managers can overlook the fact that voice over IP conversations can reside on servers that can be hacked.

The link for this article located at InformationWeek is no longer available.