Verizon Business announced this week that it introduced VoIP Security Assessment Service, to manage and identify security risks associated with VoIP-based technologies.
The new offering, supported by a Verizon Business team of nearly 300 expert security pros, tackles the growing worry over VoIP security at a time when more and more companies are deploying the IP-based technology.
"Security is the [number one] concern customers express about VoIP," said Verizon Business' vice president of product management Nancy Gofus in a statement. "Addressing this issue helps ensure that customers will be able to depend on their next-generation VoIP networks for the high-quality performance and high-level availability they expect, and help increase efficiency and productivity."
The Verizon Business VoIP Security Assessment Service identifies and addresses potential security vulnerabilities associated with customer premises-based VoIP and hosted IP PBX systems from any hardware and software vendor.
The vulnerabilities caught can range from risks inherent in traditional VoIP-based data networks, including loss of service, fraud, privacy, denial of service (DoS) attacks, viruses and SPIT (spam over Internet telephony), as well as newer vulnerabilities related to the integration and interoperability of VoIP software and hardware.
The analysis suite is comprised of a four-part evaluation to assess the security of a customer's VoIP network:
- VoIP Architecture Review: This feature assesses VoIP network architecture, and identifies client-specific performance criteria and security objectives in terms of overall risk profile. This feature also focuses on segmentation of VoIP traffic, presence of dedicated firewalls and VoIP servers and use of virtual private networks.
- Network and Device Penetration Testing and Risk Assessment: This feature evaluates all VoIP-related devices as it scans underlying network hardware and software to test for vulnerabilities for unauthorized access, including identification of rogue devices and personal computer-based phones, or softphones. The feature also controls lists, open ports and evaluates and verifies out-of-date software patches.
- Evaluation of Standards, Policies and Procedures: Through this assessment, existing policies and procedures associated with a company's overall risk exposure and tolerance are reviewed, with a focus on policies related to personal handsets and softphones, connection of VoIP devices to local area networks, intrusion detection systems and VoIP traffic encryption.
- Discussion of Findings and Action Plan: With this feature, the assessment findings are reviewed in detail, with a focus on vulnerabilities discovered and detailed remediation plans containing prioritized recommendations for improving overall security.
On the other hand, Vonage Holdings Corp. also made its own announcement about the alleged accusations on Monday. The VoIP-based calling service provider noted in a statement that it had indeed been served with a patent infringement lawsuit, along with its wholly owned subsidiary, Vonage America, Inc., filed by Verizon Services Corp. and Verizon Laboratories, Inc. relating to VoIP technology.
Johanne Torres is contributing editor for TMCnet and Internet Telephony magazine. To see more articles by Johanne Torres, please visit Johanne's columnist page.