In a world where strong passwords are one of the most hated necessities around—where did I put the capital letter? Shouldn't there be an ampersand here? Which numbers did I use—it may come as a surprise to discover that weak passwords are a problem in more places than expected. Voice over Internet protocol (VoIP) is one of these, as a new report from Edgewater Networks reveals that weak passwords are the cause of a lot of VoIP attacks.
With a CompTIA (News - Alert) study showing 52 percent of breaches are related to human error, the notion that VoIP services would be immune from such issues is probably unrealistic. It's easy to overlook VoIP as a potential security risk, especially considering how comparatively new it is, but VoIP has many of the same vulnerabilities as a computer or the like, since these are all connected to the network in much the same way. The big problem isn't so much on the end-customer point, however; reports note that the biggest problem is in terms of provisioning.
Businesses want rapid provisioning. Ordered devices need to be in place and providing value as quickly as possible, and no one wants to wait. That means that technicians will often not bother to change an established password, leaving the default one in place. The technicians commonly believe that the password can—and it certainly can—be updated later, but as things come up, that update falls by the wayside to accommodate the other urgent issues that arise. It becomes readily possible to spot the default password—sometimes it's only a Google (News - Alert) search away—and that leaves a new point of failure for all of network security.
As for how to improve that security, it can be as simple as adding an intelligent edge system. Intelligent edge systems can improve provisioning speed, helping to ensure that technicians don't have to skip the updated password step. Using the EdgeView Service Control Center, for example, actually automates the default password update step, reports note, which can make the security side of the process much smoother.
It's easy to wonder, though, why these systems actually use passwords at all. It seems like a VoIP system would be the perfect place to use voiceprint identification, or at least a spoken password, which would be far more complex than a regular password. VoIP endpoints, similarly, could be built with thumbprint scanning pads to only unlock for authorized users. Biometric security systems are much harder to spoof and often require methods that are better suited to spy thrillers than reality. Still, since passwords seem necessary, a strong one will always be better than a weak one.
The day of the password isn't done yet, despite protests to the contrary. VoIP systems are no less in need of strong passwords than any other system, and we'll likely see more systems needing strings of letters, numbers and symbols before we see fewer.
Edited by Alicia Young