|
Posted by Knowing About on August 26, 2006, 6:30 am
If you were Registered and logged in, you could reply and use other advanced thread options
VoIP is well on its way to widespread adoption, but the fact that many
companies haven't taken the necessary steps to toughen up security on
their VoIP systems could make them attractive targets for hackers.
Companies eager to tap into the ROI of VoIP are doing so without fully
considering the security risks stemming from weaknesses in VoIP
applications, operating systems, and structure and supporting services
that could spell opportunity for hackers, said David Endler, director
of security research at Marlborough, Mass.-based 3Com and its
TippingPoint security business.
One of the main weak links in VoIP security is the tendency for
organizations to leave phones exposed to the Internet, which enables
attackers to use search engines to discover information about the
network that they can use in subsequent exploits, according to Endler.
To guard against this threat, companies need to boost the security on
VoIP phones by disabling services that aren't needed or restricting
access to the specific location, Endler said.
At the Black Hat conference in Las Vegas earlier this month, Endler
demonstrated a technique for discovering VoIP phone extensions and user
names by sending specially crafted SIP messages to a Cisco VoIP system.
Cisco released a subsequent advisory in which it recommended
implementing the VoIP infrastructure and data devices on separate
VLANs.
An attacker could use the information to exploit any vendor's
SIP-based VoIP infrastructure. "Once you have the extensions, you can
perform more advanced attacks," Endler said.
For More Information : http://www.knowingabout.com/voip
|
 
| |
Posted by Rick Merrill on August 26, 2006, 8:10 am
If you were Registered and logged in, you could reply and use other advanced thread options
Knowing About wrote:
> VoIP is well on its way to widespread adoption, but the fact that many
> companies haven't taken the necessary steps to toughen up security on
> their VoIP systems could make them attractive targets for hackers.
>
...>
> One of the main weak links in VoIP security is the tendency for
> organizations to leave phones exposed to the Internet, which enables
> attackers to use search engines to discover information about the
> network that they can use in subsequent exploits, according to Endler.
What exactly does "leave phones exposed" mean?
(My ATA comes after the cable modem and the ATA does NAT.)
|
|
Posted by Lonewolf on August 26, 2006, 9:28 am
If you were Registered and logged in, you could reply and use other advanced thread options
the set is registered to a proxy that shouldn't be a large issue. A simple
firewall should be able to provide protection. I don't view this as any more
serious than anything else connected directly to the Internet.
> Knowing About wrote:
>
>> VoIP is well on its way to widespread adoption, but the fact that many
>> companies haven't taken the necessary steps to toughen up security on
>> their VoIP systems could make them attractive targets for hackers.
>>
> ...>
>> One of the main weak links in VoIP security is the tendency for
>> organizations to leave phones exposed to the Internet, which enables
>> attackers to use search engines to discover information about the
>> network that they can use in subsequent exploits, according to Endler.
>
> What exactly does "leave phones exposed" mean?
>
> (My ATA comes after the cable modem and the ATA does NAT.)
>
|
|
Posted by Great Vincent on August 28, 2006, 5:21 am
If you were Registered and logged in, you could reply and use other advanced thread options
neither.
|
| Similar Threads | Posted | | Home Alarm Systems & VoIP | August 11, 2005, 1:02 pm |
| Hughes Software Systems at VoN Spring 2004 | March 30, 2004, 3:04 am |
| Cisco Unity vs. Other Voice Mail Systems | June 20, 2005, 8:16 pm |
| Virtual PBX,Private Phone Systems,PBX Sip,Phone Switches,Pabx,Free Internet Calls | May 8, 2006, 9:07 pm |
| Virtual PBX,Private Phone Systems,PBX Sip,Phone Switches,Pabx,Free Internet Calls | May 20, 2006, 7:41 pm |
| Voip Updated Howto,New Voip Phones,Voip Conferencing,Satellite Voip,Virtual PBX Solutions | May 21, 2006, 11:18 am |
| Voip at Home,Voip Updated Howto,New Voip Phones,Voip Conferencing, | May 26, 2006, 9:42 am |
| VOIP providers better if closer to your area? Recommendation on VOIP provider with BYOD device or not... | March 9, 2008, 10:13 pm |
| Any VoIP phone will work with any VoIP software (skype, Gizmo, VoipBuster,etc) | December 11, 2005, 8:47 pm |
| VOIP Phone Service - Basics, Tutorial, VOIP Technology, Info. All in One | April 16, 2006, 12:40 pm |
|
|
Yahoo! 
Google 
Windows Live 
del.icio.us 
digg 
Netscape 
XML site map