Advertisement

Security Q&A #2

How does a virus affect an IP Telephony system?

Viruses plug networks, cause mischief by passing their infecting mechanisms to every possible corner of the Internet and deflecting human, capital and software resources into dealing with the virus.

They can affect poorly designed IP Telephony systems by clogging network bandwidth, exploiting weaknesses in IP Telephony server operating systems and disguising other attacks such as Distributed Denial of Service attacks, toll fraud or eavesdropping beacons that might reflect IP telephony packets representing conversations or bits of conversations to off-enterprise resources.

Clogged networks deliver poor audio quality (dropped packets, truncated sentences and clipping) and could cause RTP session failures (aka, dropped calls) or low availability.

More significantly, poorly designed IP Telephony systems, that might rely on easily-infected operating systems (Consider Cisco Call Manager's use of Windows), require significant resources be consumed assuring security packs and patches are available, downloaded and working. Being such a big target for attack, causes considerable weaknesses in any 'effective security' Cisco and its resellers may otherwise be able to provide. See my blog on Security of OSes.