ToIP Security


I just happened to attend a conference, about two weeks ago, on ToIP (i.e. Telephony over IP) security and risk management. I was truly impressed by the quality of the content (presented by Pierre Texier, iLion Security). In a nutshell, implementing ToIP at the enterprise level should definitely be a thoughtful move, and should be managed by a person or a team with a thorough knowledge of the domain.

Key terms:

  • Phreaking: scams over the phone;
  • Vishing: the equivalent of phishing in ToIP;
  • SPIT: SPAM over Internet Telephony.

Key points:

  • You should not ask yourself whether you'll one day switch to ToIP, but rather when and how you'll do it;
  • ToIP generates new, possibly high-impact threats, like eavesdropping, wiretapping, intrusions, scams and DoS/DDoS;
  • ToIP reduces communication costs and thus greatly increases the probability that these new attack scenarios happen;
  • Risks: confidentiality, availability and image;
  • Start securing when the ToIP project starts;
  • Revise your security policies, best practices, dashboards and continuity plans, to integrate ToIP.

Does this post spark some interest? If you plan to set up ToIP in your enterprise, then I sure hope so. In the meantime, don't hesitate to post your comments here.
