Infosec experts say vendors must improve VoIP security

Infosec experts say vendors must improve VoIP security


Firms are reluctant to roll out voice-over-IP systems until there are more safeguards

Concerns about the security of voice over IP (VoIP) are preventing many organisations from deploying it, and the message to vendors is clear: make products more secure, said panelists at London's Infosec show last week.

In a panel debate, John Meakin, group head of information security at the Standard Chartered Bank, argued that simple IP telephony clients such as Skype would be attractive to corporates if vulnerabilities were removed and performance improved.

"When Wi-Fi came along, people told vendors what a pile of crap the Wireless Equivalent Privacy [WEP] protocol was, and vendors responded; we need that now in VoIP," said Meakin. "Data networks are not perfect. If we are contemplating pushing voice into that same can of worms whilst glibly saying that security is OK, we are up the creek without a paddle."

Andrew Yeomans, vice-president and global IT security director at investment bank Dresdner Kleinwort Wasserstein, said, "We would also like to integrate [IP] communications with desktop services and the web, but it can't be done safely today."