|Any time you introduce new features or products into your network, you must be aware of the fact that you may also be introducing new security threats. Technology is meant to be as an asset to the business that is to increase productivity. Unification is all the buzz lately and many applications on the network have become “unified”. This means that applications and resources on the network are integrating and seemlessly providing access through one interface.|
|Many businesses have seen the benefits that can be provided by a VoIP phone system and have migrated their older generation system to this new technology. But, because VoIP is over the data network, there have been new security risks associated with it. Because of this, many IT departments have chosen to segregate their voice networks from their data networks as much as possible.
But now many VoIP applications offer unified communications. This integrates many data applications on the network with your voice communications. This is introducing many new ways for attackers to gain access to confidential information. Unified communications (UC) opens up your infrastructure so that users can collaborate and share ideas easier. All this opens up the VoIP network to the data network and vice versa. VoIP now integrates with applications such as LDAP, email, and instant message communications. This means that now network credentials can be stolen through the VoIP network and once those credentials are compromised, a much broader range of access can be accomplished. Softphone clients are common in UC implementations and that provides just one more point of access for attackers to take advantage of.
Still though, while some of the more complicated attacks against UC in the application layer garner more attention, the more prevalent attacks are the lower network layer attacks that can deny service to VoIP networks. Protecting your network at the lower network layer can have a greater impact on your overall network security. When it comes to UC implemtations, including security planning early in the development cycle can make it much easier to create a secure environment.