IP phones can create network security risk

The increasing adoption of Internet telephony may be opening up a significant security risk for companies

While mobile telephone viruses have been the subject of headlines recently, IP-based telephones could represent a more immediate security threat for many businesses. "Attacks on IP phones are actually quite frequent," said Roy Wakim, convergence solutions manager at Avaya South Pacific. "Security is a major issue."

Voice over IP solutions have gained increasing enterprise acceptance. A study earlier this year by Integrated Research found that 56 percent of medium and large companies were already using IP telephony, and a further 26 percent were planning a trial within 12 months. A key attraction of such systems is reduced maintenance and deployment costs, as a single network can be used for voice and data.

But that flexibility comes at a cost. While there are no acknowledged reports of actual viruses aimed at IP telephones, the fact that they have their own IP address means they are frequently probed as potential attack sites, Wakim said. Poorly configured networks could allow voice calls to be monitored -- a problem which Avaya and other vendors attempt to circumvent by encrypting calls. Virus attacks such as Nimda which slow down network performance can also render phones inoperable.

As IP telephones move beyond simply handling voice calls to running applications which directly access enterprise data networks, the virus risk is likely to increase. In the Integrated Research study, 66 percent of respondents listed the ability to deploy applications as a major attraction of IP telephony.

Vendors have long recognised the potential for attacks via IP telephony networks. "Voice networks are juicy targets for hackers with ulterior motives," Cisco notes in a white paper on the topic. "The main issue with voice networks today is that they are generally wide open and require little or no authentication to gain access."

ZDNet Australia's Angus Kidman reported from Sydney. For more coverage from ZDNet Australia, click here.