Software controls try to prevent the exploitation of vulnerabilities but not all attacks can be contained by technical measures. Many vulnerabilities are due to “poorly designed implementations that can provide inroads to data networks. ‘Mistakes’ such as remaining undocumented open ports, extraneous services, etc. can be easily exploited, and denial of service attacks is the most significant specific threat to VoIP.
Computers and networks are an important part of the information systems of many organizations. We are dependent on computers and networks for the provision of services across all sectors of the economy. However, vulnerabilities exist in these information systems. Vulnerabilities in operating systems and application software can be exploited by cybercriminals. Social engineering provides an alternative method for attackers to gain access to information assets, through exploiting human vulnerabilities.
Open access and networking of computers increase risks and therefore require greater measures of security. Security is both a technical and social concern. It relates to the confidentiality of information, system integrity, authentication of users, personal safety of people and other social issues. Information security, software vulnerabilities, and social engineering will be briefly discussed followed by an in-depth exploration of vulnerabilities associated with the use of VoIP. Included are details of how vulnerabilities work, the consequences of an attack, and a look at possible controls. Recommendations are then offered that organizations can take to protect themselves.
Information that is confidential must not be accessible by unauthorized parties (Kinkus, 2002). And, there must also be protected against unauthorized changes, which is known as integrity. Unauthorized access is a leak of information that could be mildly embarrassing in the case of personal information to outright disastrous in the case of sensitive information. Hacking compromises both the confidentiality and integrity of information. .