Voice over IP technology is too insecure to replace
traditional business telephone networks, the chief security
officers of two City banks warned last week.
Andrew Yeomans, vice-president of global security at Dresdner
Kleinwort Wasserstein, and John Meakin, group head of information
security at Standard Chartered Bank told the Infosecurity
conference that VoIP had a long way to go before it was secure
enough for major business use.
“There are business advantages. The big problem is trying to
balance these against the security flaws. VoIP solutions have been
designed on the assumption that everyone is good and not out to
attack systems,” he said.
Businesses were likely to face a rude awakening if they switched
to VoIP expecting to make significant savings, Yeomans said.
“Many cost savings are illusory. People have seen their phone
bills with Skype and assume they get free calls, but they do not
include the broadband tariffs,” he said.
A high-end analogue phone costs £40, but an equivalent voice
over IP phone can cost £120 – a cost that can rapidly add up for
firms with thousands of staff.
Meakin said having voice and data on the same network was the
communications equivalent to putting all your eggs in one basket.
“I think VoIP can be secure, but the price is too high, given the
state of security,” he said.
Although risks can be mitigated by using separate virtual
networks and encryption, this can be difficult, and can play havoc
with firewall settings, said Meakin.
The banks said it was only a matter of time before hackers
started writing viruses designed to intercept VoIP communications,
or which exploited VoIP networks to infect IT systems.
But Andy Thompson, head of infrastructure security services at
Capgemini, said security issues were surmountable with proper
planning. “Cafe chain Pret a Manger is using VoIP to save £10,000 a
month. There are hundreds of other examples of real business
benefits. This stuff really works,” he said.
Read:
Infosecurity Europe
Voice over Wi-Fi for business on way
Cisco Systems is working with chipmaker Intel, mobile phone
company Nokia and Blackberry maker Research In Motion to provide
voice over Wi-Fi systems for enterprises, writes Tash
Shifrin.
The move towards voice-ready wireless networks is in response to
increasing business interest in the benefits of wireless working
and voice over IP technology.
The collaboration aims to ensure mobile device manufacturers can
produce handsets that are interoperable with Cisco’s wireless local
area network infrastructure, are secure and can support advanced
voice features through updates to Cisco’s Compatible Extensions
(CCX) programme.
The devices will connect with Cisco’s “voice-ready” Unified
Wireless Network, which offers secure roaming across a series of
access points.
Other developments under the CCX programme are designed to
extend mobile device battery life, improve call prioritisation to
boost service quality and analyse voice call attributes such as
jitter, delay and sound loss.