1

Voice over IP: Is the Convenience and Cost Worth the Risk? Voice over Internet Protocol (VoIP) has grown exponentially over the last decade as overall Internet capacity has increased and data transfer costs have dropped. The technology offers a viable alternative to traditional telephone communications systems, but it does not come without risks. Using VoIP in a business setting means that telephone communications are directly tied into the computer network system for the entire company. What’s worse, using an internal VoIP server usually requires opening external-facing ports to allow phone calls to come in, adding another access point for hackers to penetrate. A business can make its best efforts to lock down its internal network, but all connected devices must be considered when evaluating the overall security profile of the organization. Neo was recently deployed at a home-healthcare coordination facility. Many vulnerabilities were located in the network scan, however one area that was particularly troublesome was the VoIP server.

Neo detected 21 issues with the VoIP server alone, giving it a security rating of 0%. The terrible ranking on this server helped bring down the overall security ranking of the entire network to 4%. After discussing the issues with the IT service provider the company uses, it turns out he is at the mercy of the VoIP vendor to make the recommended changes to help secure the network since they actually manage the server. Corporate network security is only as strong as the weakest link, and in this case, poor security measures as a third party server putting the entire facility’s data at risk. Neo is a daily-automated ethical penetration-testing device that goes beyond typical network security devices and what third party security firms offer, for a fraction of the cost. Neo performs security tests of a network daily, helping ensure the highest level of security possible. Justin Farmer, CEO April 13, 2015 GIAC ISO 27001, CEH, CHFI, CDRP, CWSP, Network+