This seems to be one industry where the bad guys currently have the advantage over the good guys. While the VoIP protective measures of the Middle East are discussed here, the same applies to domestic individuals and businesses of all sizes. Because VoIP consists of telecommunications over the Internet, appropriate encryption standards need to be deployed, which seem to either be unavailable to most, or people just don’t care who eavesdrops on their conversations…

Security specialist Scanit says web phone installations in corporate environments have little or no protection against VoIP wiretapping…

“Throughout the Middle East, the installations we have seen have not had strong security controls in place,” Scanit engineer Sheran Gunasekera explains.

“Primarily, the reason for this has been the fact that the system integrator or implementer had not paid much attention to the security of the entire setup.”

It is possible, Scanit (www.scanit.net) says, for an internal employee of the organisation, to intercept voice conversations and re-route calls outside of the firm’s network.

According to Sheran, a high percentage of installations he has audited had no encryption on the voice stream.

There can be several reasons that a corporation or service provider will run an unsecured implementation, he explains.[more]

Tags: Voicemail/VoIP