As with most new technologies, discussions of VoIP security are still being driven by fear, uncertainty and doubt. Whether VoIP can be exploited to compromise a corporate network remains up in the air, but there are some unique problems that make it particularly important to consider--primarily, that anybody with freely available software tools like VOMIT (voice over misconfigured Internet telephones) can intercept a VoIP stream, pick out a VoIP conversation, and convert the conversation into a playable audio file.
Of course, a similar breach could be conducted on existing phones simply by tapping into the PABX network’s wires. The obvious solution against VoIP snooping--encrypting all VoIP traffic--is readily possible but introduces other issues such as encryption/decryption overheads. If you’re implementing VoIP and concerned about the security of your calls, it’s a good idea to look around to make sure you’re happy with the level of security your equipment provides.
“A lot of the threats that plagued data networks in the past also affect voice networks,” warns Colin Lim, regional sales manager with equipment maker Fortinet, who also points out the growing discussion about the potential for SPIT (Spam over Internet Telephony) to clog up next-generation voice networks. “There’s a need to put technology into the LAN to enhance security; you need it there as insurance against the potential loss of productivity.”
The other major disruptive technology that has changed the security profile in recent years is mobility. Increasing use of smartphones to empower field workers has produced considerable benefit for companies in all kinds of industries, but each of those data terminals is a potential point of entry into the corporate network--and must be managed that way.
Vendors are only now offering robust tools that can control the backup of data on mobile devices and the movement of sensitive information onto them--yet no matter how it’s achieved, mobile security must be adequately addressed by any company planning its information security strategy.
Equally problematic are the now ubiquitous memory sticks capable of carrying several gigabytes’ worth of corporate data. These devices, a category that by extension must also include mobile devices like iPods and other music players, can be easily exploited by data thieves--or can become unwitting carriers for sensitive corporate data if they are lost or stolen from their owners. Companies like Centennial Software and Altiris offer technologies specifically designed to counter this threat.