|
January 22, 2007
VoIP Security on Parade: Collier Predictions; ITEXPO Education
By Greg Galitzine, Group Editorial Director
Mark Collier knows a thing or two about security. As CTO of SecureLogix Corporation, an enterprise telephony management and security company, Collier is responsible for technology research, development, and related intellectual property, including a special focus on VoIP  security solutions. Mr. Collier is also a founding member of the VoIP Security Alliance ( News - Alert), an industry group focused on VoIP security education.
Collier has posted a series of predictions regarding VoIP security on his VoIP Security Blog.
According to Collier, "Enterprise VoIP deployments will continue to ramp in 2007, and the frequency and severity of VoIP-specific attacks will increase as well." He also believes that Denial of Service (DoS ) will continue to be the most significant threat to VoIP.
VoIP Security will be on display at Internet Telephony Conference & EXPO this week as well. The conference features a dedicated full-day track on the subject of VoIP Security, and will feature sessions entitled, "Everything You wanted to Know About VoIP Security," "VoIP Spamming — Challenges and Soutions," and SIP & Security. The sessions will take place on Friday January 26, at the Broward County Convention Center in Ft. Lauderdale.
Speakers will include representatives from the following companies:
VoIP Security remains an important issue facing developers and implementers alike. As the industry transitions to an IP-based infrastructure it is increasingly critical to gather as much information as possible to prepare for the inevitable security questions.
Here are the Top 10 predictions, according to Collier:
1) There is no doubt that VoIP security attacks have taken place, but very few have been widely publicized. I predict that in 2007, we will see enterprise VoIP systems attacked and the results publicized.
2) VoIP is an application running on the data network and will continue to be affected by attacks such as worms, virus, Denial of Service (DoS), etc. While these attacks may not directly target VoIP systems, they will disrupt operations because the underlying platforms are vulnerable to the attack.
3) We will also start to see more VoIP specific attacks, particularly aimed at the enterprise. There is more scrutiny of VoIP systems and attackers will find more issues that are unique to VoIP and the systems that enable it.
4) Attackers will also be developing more tools to exploit these issues. Even now, there are plenty of tools out there, but you can expect to see more tools and extensions to the tools currently available.
5) Denial of Service (DoS) will continue to be the most significant threat to VoIP systems. Many VoIP systems are very vulnerable to fuzzing and flood based attacks, including simple transport and application layer attacks.
6) You can expect enterprises to start deploying the Session Initiation Protocol ( News - Alert) (SIP) for handsets as well as connectivity to the public network. The move to SIP will affect security, because there is a long list of SIP attack tools available for use.
7) Even with the move to SIP, proprietary protocols will continue to dominate VoIP for several years. You will start to see new attack tools that target these protocols as well, especially for vendors with wide deployment (Cisco, Avaya ( News - Alert), Nortel, Siemens, etc.).
8) Social threats such as voice phishing and voice SPAM will start to emerge. They will not be common, but their threat level will grow with the increasing adoption of VoIP. Social engineering attacks could start to become disruptive in late 2007.
9) Although vendors will increase their offerings for conversation encryption, it will not be widely employed by enterprises.
10) VoIP deployment has the potential to affect traditional networks. Attacks like DoS, SPIT, and toll fraud may "spill" over and affect legacy systems."
Internet Protocol (IP) | X | | IP stands for Internet Protocol, a data-networking protocol developed throughout the 1980s. It is the established standard protocol for transmitting and receiving data
in packets over the Internet. I...more |
Session Initiation Protocol (SIP) | X | | SIP is the real-time communication protocol for VoIP. SIP is a signaling protocol for Internet conferencing, telephony, presence, events notification (emergency calling) and instant messaging.
SIP...more |
Denial of service (DoS) | X | | Denial of Service begins with a hacker who sends TCP-Transmission Control Protocol SYN-Synchronize message from a friendly site or "spoofed" with internal IP-Internet protocol Address. If target site ...more |
Voice over IP (VoIP) | X | | A real-time communications system that converts voice into digital packets containing media and signaling data that travel over networks using Internet Protocol....more |
(source: http://voipservices.tmcnet.com/feature/articles/4651-voip-security-parade-collier-predictions-itexpo-education.htm)
|
TMCnet LOGIN
Webinars
