Telecoms provider Thus warned today that some consumer VoIP products use a peer-to-peer model which results in bandwidth being used to carry other individuals' voice and data traffic without the user's consent or knowledge.
Such applications are designed to circumvent firewall restrictions by emulating a web browser, according to the company. This can be troublesome on a corporate network as it makes the VoIP packets difficult to identify, audit and control.
Thus also warned that IT departments will find it difficult to track and store user communication, and that videoconferencing and file transfer applications can take up significant bandwidth on the corporate network and slow other network traffic, all of which could have a serious impact on work productivity.
The firm suggested certain controls businesses can put in place to protect themselves from such vulnerabilities associated with VoIP:
- Heighten awareness of VoIP security issues to employees, emphasising the risk it can put on a business
- Restrict a user's ability to install applications by locking down desktops
- Regularly audit devices and traffic flows for unknown or unexpected activity
- Include VoIP applications in a list of explicit applications that may not be appropriate for employee use (acceptable use policy)
If a business does allow consumer VoIP packages to be downloaded Thus said that the company should:
- Ensure that virus scanners are installed on all desktops and that they are kept up-to-date
- Manage the VoIP application as if it is a supported business application
- Thoroughly test a specific application and include it in the list of applications that are tested, recognised and installed for employee usage