UGN Security Forums
My ProfileMember DirectoryLogin
Search our ForumsView our FAQView our Site Rules
View our CalendarView our Active TopicsGo to our Main Page

UGN Security Store
 

Network Sites UGN Security, The GoNix Initiative, Elite Web Gamers, Back of the Web, EveryDay Helper, VNC Web Design & Development
July
Su M Tu W Th F Sa
1 2 3 4 5
6 7 8 9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28 29 30 31
Sponsored Links
Latest Postings
Latest Reviews
Topic Options
Rate This Topic
#39651 - 12/04/04 01:18 PM New VOIP Exploits Coming Soon
Spyrios Offline
UGN Member

Registered: 03/15/04
Posts: 419
Loc: VA
Before long, VOIP systems will be filled with spam, open to hackers and taken down by worms. But security, infrastructure and VOIP vendors say it's important to get ahead of the curve, and they encouraged enterprises to consider security first when implementing VOIP systems in a panel Wednesday at Ziff Davis Media's online Virtual Tradeshow on security.

"We've already seen instances where good-size enterprises had their VOIP infrastructures taken down by a worm," said Chris Thatcher, national practice leader at Dimension Data Holdings, a global IT services firm based in Reston, Va.

"There's been a lack of security in the design and development of VOIP [voice over IP] systems, and buyers aren't taking security concerns into consideration," Thatcher said.

Enterprises instead have focused almost exclusively on price, features and performance, often leaving new VOIP systems open to threats.

According to panelist Andrew Graydon, vice president of technology at security firm BorderWare Technologies Inc., those risks include the common security breaches that enterprises deal with today, including DDoS (distributed denial-of-service) attacks, malicious code, spoofing and phishing.

But enterprises also need to look out for unique-to-VOIP threats such as eavesdropping and "VBombing," where hundreds or thousands of voice mails can be quickly left on a single VOIP console.

Graydon said vendors are loath to admit that these weaknesses exist, let alone that they've already been exploited.

"It's such a new market, no one wants to scare the consumer," he said. "But I can already go onto hacking Web sites and find script for attacks [on VOIP systems]."

Graydon said a bulk of those attacks can be accomplished at the application layer, which for most major vendors is based on SIP (Session Initiation Protocol). Firewalls and VPNs can adequately handle transport-layer security for VOIP, but he compared SIP with SMTP and HTTP for Web and e-mail applications, which were largely ignored until security issues arose.

"All of the vulnerabilities that exist for e-mail also exist for VOIP," Graydon told eWEEK.com prior to the panel. "Let's not make the same mistakes." He said Ontario-based BorderWare is working with major VOIP vendors and telcos to install the company's SIPAssure firewall appliance.

Read The Rest At Eweek
_________________________
D, world destruction
Over and overture
N, do I need
Apostrophe T, need this torture?-They Might Be Giants

Top
Sponsored Links
      
#39652 - 12/06/04 10:44 AM Re: New VOIP Exploits Coming Soon
§intå× Offline


*****

Registered: 12/03/02
Posts: 3255
Loc: Maryland
Here we go. The reasons VOIP is not viable, besides power issues. It is not quite utility quality yet guys.
_________________________
My New site OpenEyes

Top

Featured Member
Registered: 03/05/02
Posts: 9
Forum Stats
2145 Members
46 Forums
33352 Topics
68519 Posts

Max Online: 1567 @ 04/25/10 10:20 AM
Top Posters
UGN Security 26515
Gremelin 7192
§intå× 3255
SilentRage 1273
Ice 1146
pergesu 1136
Infinite 1041
jonconley 955
Girlie 908
unreal 860
Newest Members
Jimmie Menon, fghijk435948, Devo60, ali, lavos
2147 Registered Users
Who's Online
0 registered (), 688 Guests and 309 Spiders online.
Key: Admin, Global Mod, Mod
Latest News


Donate
  Get Firefox!
Get FireFox!