PrepAway - Latest Free Exam Questions & Answers

Which of the following does not describe IP telephony security?

Which of the following does not describe IP telephony security?

PrepAway - Latest Free Exam Questions & Answers

A.
VoIP networks should be protected with the same security controls used on a data network.

B.
Softphones are more secure than IP phones.

C.
As endpoints, IP phones can become the target of attacks.

D.
The current Internet architecture over which voice is transmitted is less secure than physical phone lines.

Explanation:
B: IP softphones should be used with caution. A softphone is a software application that allows the user to make phone calls via a computer over the Internet. A softphone,
which replaces dedicated hardware, behaves like a traditional telephone. It can be used with a headset connected to a PC’s sound card or with a USB phone. Skype is an
example of a softphone application. Compared to hardware-based IP phones, softphones make an IP network more vulnerable. However, softphones are no worse than any
other interactive Internet application. In addition, data-centered malware can more easily enter a network via softphones because they do not separate voice traffic from data as
do IP phones.
A is incorrect because the statement correctly describes IP telephony network security. An IP telephony network uses the same technology as a traditional IP network, only it
can support voice applications. Therefore, the IP telephony network is susceptible to the same vulnerabilities as a traditional IP network and should be protected accordingly.
This means the IP telephony network should be engineered to have the proper security.
C is incorrect because the statement is true. IP phones on an IP telephony network are the equivalent of a workstation on a data network in terms of their vulnerability to
attack. Thus, IP phones should be protected with many of the same security controls that are implemented in a traditional workstation. For example, default administrator
passwords should be changed. Unnecessary remote access features should be disabled. Logging should be enabled and the firmware upgrade process should be secured.
D is incorrect because the statement is true. For the most part, the current Internet architecture over which voice is transmitted is less secure than physical phone lines.
Physical phone lines provide point-to-point connections, which are harder to tap into than the software-based tunnels that make up most of the Internet. This is an important
factor to take into consideration when securing an IP telephony network because the network is now transmitting two invaluable assetsdata and voice. It is not unusual for
personally identifiable information, financial information, and other sensitive data to be spoken over the phone. Intercepting this information over an IP telephony network is as
easy as intercepting regular data. Now voice traffic needs to be encrypted, too.

One Comment on “Which of the following does not describe IP telephony security?


Leave a Reply