McAfee: More VOIP Security Woes for 2008McAfee: More VOIP Security Woes for 2008

VOIP security makes McAfee's list of Top 10 Threat Predictions for 2008, taking the ninth spot based on McAfee's projection that VOIP attacks will increase 50% next year (link to the PDF is at VOIPSA).

VOIP security makes McAfee's list of Top 10 Threat Predictions for 2008, taking the ninth spot based on McAfee's projection that VOIP attacks will increase 50% next year (link to the PDF is at VOIPSA).I keep hearing that VOIP-specific attacks aren't your biggest worry: Mark Collier of SecureLogix and VOIPSA said that at VoiceCon San Francisco in August, and Dan York, of Voxeo and now VOIPSA, concurred at Interop New York in October.

Did something change?

I doubt it. For one thing, any list of Top 10 security threats is going to have to include VOIP, because there aren't all that many meta-categories of security threats. As the McAfee report notes, VOIP is still pretty new and not every company is up to speed on defenses, so right there VOIP security qualifies as a major threat area.

As for the 50 percent increase, McAfee notes that reported VOIP vulnerabilities "more than doubled this year over 2006 (actually, their bar chart shows vulnerabilities more than tripling, from 20 in 2006 to more than 60 in 2007). More vulnerabilities means more likelihood of attacks targeting VOIP infrastructure directly, but all the smart VOIP security people I know say that the bigger threats still involve some attack on the underlying IP network, like denial of service.

When VOIP endpoints become more widespread, then of course it's a whole new ballgame.