Corporations are typically connected to two public, untrusted networks:

• the Public Switched Telephone Network (PSTN);
• and Wide Area Networks (WANs) or the Internet. Traditional phone stations or peripherals connect to the PSTN to enable voice calls, modem and fax communications, and video teleconferencing. Corporate computers connect to WANs or the Internet for data communications and access to information.

Internet Protocol (IP) phones and soft phones either connect to the PSTN via a media gateway, or cross the corporate perimeter to connect to WANs or the Internet.

Although nearly all corporations secure the Internet connection to their internal data networks with IP firewalls and related technologies, most corporations have yet to lock down their voice connection to the untrusted PSTN, or when present, bring an equal level of security to their IP telephony connections.

An array of vulnerabilities in internal data networks, the traditional phone environment, and other critical corporate infrastructure are accessible through an enterprise’s unsecured traditional phone network.

Although attacks against an enterprise’s Internet connection receive the most public attention, attacks against an enterprise through the traditional voice network are common.

Some of the main issues to be addressed for the telecommunication sector and related industries:

– Resilience, recovery & business continuity management
– Anti-SPAM, Anti Phising, Data Retention, Data Privacy
– Security Culture & Information Security Awareness Campaigns
– Value & ROI of Information Security Projects
– Security Governance models
– VOIP vulnerabilities and threats
– Revenue Assurance & Financial losses due to security breaches
– The threat of terrorism from a Telco’s perspective
– IT Network & client Security Architecture
– Security in the Supply chain & trends in Security Outsourcing

Illustration below: attack vectors on multimedia, communication devices