Jason Alan is a project manager, web developer, and businessman currently living in Warrington, UK.

Everything You Need to Know About VoIP Phone Systems for Business

Voice-over-IP (VoIP) provides many new features over PSTN. However, the interconnection with your IT infrastructure also carries risks affecting the security and integrity of your IP services. As IT networks are targeted by attackers, insufficient prevention can endanger not only the network but your telecommunication infrastructure that is built on top of it. This page and our VoIP security white paper aim to educate you about possible risks, common attacks and how to prevent them. Please, visit this website to select a best VoIP service for your business,

Analog and ISDN phone systems are connected to the public switched telephone network (PSTN) but usually not to the internet. IP phone systems on the other hand, are more vulnerable as they are connected to the internet through the local network (LAN) or directly through the SIP protocol. If the phone system is connected to the service provider (ISP) through the SIP protocol, it should access the internet through a firewall.

Even if an IP phone system is not directly connected to the internet, it can still be attacked through the LAN. Therefore, all IP devices and the access to your router, ISP and IP devices need to be secured at best. Potential mistakes include a direct connection of the IP phone system to the internet, having a public IP address or certain firewalls being open. We strongly advise to not do this!

There are many forms of cyber attacks that take advantage of different security breaches. Contrary to ISDN and analog telephony, eavesdropping of IP phone calls is much easier as separate access to physical phone lines is no longer required. Potential targets usually include user names and passwords but also social and business contacts. Often, eavesdropping is only the first step towards further abuse such as hijacking, fraud or Spam-over-Internet-Telephony (SPIT).

Beside misusing a hijacked system, another aim may be Denial-of-Service (DOS). DOS, or Distributed DOS (DDOS) attacks aim for malfunction of system operations or even complete system failure. Typically, targeted systems are flooded and eventually overloaded with request or response packages, stressing bandwidth and resources.