The surfacing of a pair of flaws in Cisco’s CallManager IP telephony servers last week raises the hot-button issue of how to secure enterprise VOIP networks from attacks. But one industry expert says the threat of an attacker or virus taking down a businesses IP PBX or VOIP network is more phantom than menace.“There is a lot of hype about IP telephony security threats,” says Lawrence Orans, principal analyst with Gartner, in a recent interview. For organizations that don’t have network or security team members who are knowledgeable about voice/data convergence as well as security, “then IP telephony security can sound pretty scary,” he adds.Best practices for securing VOIP networks include disabling unnecessary services on devices running call control software, running VOIP gear along with firewalls and intrusion prevention systems, and keeping up with software and security patches and updates for VOIP hardware, software and server operating systems.One Cisco VOIP flaw identified last week involved the potential for denial-of-service attacks to be launched against a CallManager server. In addition to upgrading CallManagers with software fixes, the vendor says that taking steps to more tightly control what kinds of traffic can access a CallManager server is another good precaution. “By using access lists and rate limiting to control access to the Cisco CallManager, the risk of successful attack is greatly reduced,” Cisco said in its bulletin last week.While holes can and will pop up in VOIP gear from all makers of IP telephony gear, from Cisco, to Avaya, 3Com and Nortel, “the bottom line is that IP telephony attacks are rare,” Gartner’s Orans says. Converging voice and data allows for cost savings on administration and network maintenance, and provides potential productivity benefits of voice-enabled applications and unified messaging. “Enterprises that diligently use security best practices to protect their IP telephony servers should not let these threats derail their plans.”By Phil Hochmuth – Network World (US online) Related content news UK government plans 2,500 new tech recruits by 2025 with focus on cybersecurity New apprenticeships and talent programmes will support recruitment for in-demand roles such as cybersecurity technologists and software developers By Michael Hill Sep 29, 2023 4 mins Education Industry Education Industry Education Industry news UK data regulator orders end to spreadsheet FOI requests after serious data breaches The Information Commissioner’s Office says alternative approaches should be used to publish freedom of information data to mitigate risks to personal information By Michael Hill Sep 29, 2023 3 mins Government Cybercrime Data and Information Security feature Cybersecurity startups to watch for in 2023 These startups are jumping in where most established security vendors have yet to go. By CSO Staff Sep 29, 2023 19 mins CSO and CISO Security news analysis Companies are already feeling the pressure from upcoming US SEC cyber rules New Securities and Exchange Commission cyber incident reporting rules don't kick in until December, but experts say they highlight the need for greater collaboration between CISOs and the C-suite By Cynthia Brumfield Sep 28, 2023 6 mins Regulation Data Breach Financial Services Industry Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe