I just happened to attend a conference, about two weeks ago, on ToIP (i.e. Telephony over IP) security and risk management. I was truly impressed by the quality of the content (presented by Pierre Texier, iLion Security). In a nutshell, implementing ToIP at the enterprise level should definitely be a thoughtful move, and shall be managed by a person or a team having a thorough knowledge of the domain.
- Phreaking: scams over the phone;
- Vishing: the equivalent of phishing in ToIP;
- SPIT: SPAM over Internet Telephony;
- You should not ask yourself if you’ll be one day switching to ToIP, but rather when and how you’ll do it;
- ToIP generates new, possibly high-impact threats, like eavesdropping, wiretapping, intrusions, scams and DoS/DDoS;
- ToIP reduces communication costs and thus greatly increases the probability that these new attack scenarios happen;
- Risks: confidentiality, availability and image;
- Start securing when the ToIP project starts;
- Revise your security policies, best practices, dashboards and continuity plans, to integrate ToIP.
Does this post spark some interest? If you plan to set up ToIP in your enterprise, then I sure hope so. In the meantime, don’t hesitate to post your comments here.