January 18, 2008
Sipera Viper Lab's Top 5 VoIP Threats of 2008
By Brian Solomon, TMCnet Web Editor
Sipera VIPER Lab, operated by Sipera Systems ( News - Alert) has revealed its list of the Top 5 VoIP Threat Predictions for this year. Using its own extensive research, the Sipera VIPER team determined the most potentially impactful VoIP/UC threats of 2008.
"The openness and extensibility of SIP make it an attractive choice for enterprises and service providers to realize the promise of unified communications. Unfortunately, those very attributes make it attractive to the hacking community and increase the overall security risk," said Sipera founder and CTO Krishna Kurapati ( News - Alert). "To fully realize the potential of unified communications, organizations need to implement up- to-date security best practices, and proactive UC security and system monitoring. Complementing those efforts, Sipera VIPER Lab will continue to issue threat advisories and provide consulting services to customers, partners and the general public to ensure unmatched unified communications security."
Sipera VIPER Lab's Top 5 VoIP Threat Predictions for 2008 are based on industry trends including major IP telephony vendors offering SIP solutions, enterprises deploying VoIP and unified communications beyond the traditionally secure perimeter, as well as service providers embracing fixed mobile convergence.
Sipera’s Top 5 threat predictions are:
1) Denial of service (DoS ) and distributed DoS attacks on VoIP networks will become an increasingly important issue as enterprises deploy SIP Trunks and unified communications for the mobile workspace.
2) HTTP or other third party data services running on VoIP end-points will be compromised for the purposes of eavesdropping and other cyber-attacks.
3) The hacking community will turn its attention towards Microsoft ( News - Alert) OCS, creating botnets and launch attacks.
4) Hackers will set up more IP PBXs to be used for vishing and phishing. Vishing bank accounts in particular will accelerate.
5) VoIP attacks against service providers will rise, with anonymous $20 SIM cards as the tool of choice.
Brian Solomon is a Web Editor for TMCnet, covering news in the IP communications, call center and customer relationship management industries. To see more of his articles, please visit Brian Solomon’s columnist page.
Don't forget to check out TMCnet’s White Paper Library, which provides a selection of in-depth information on relevant topics affecting the IP Communications industry. The library offers white papers, case studies and other documents which are free to registered users. Hypertext Transfer Protocol (HTTP) | X | HTTP is a standard protocol used to transfer data. Here are two views of HTTP:
- TCP/IP and network processes of HTTP
- A view of the role of the internet and routers used to process HTTP....more |
Internet Protocol (IP) | X | IP stands for Internet Protocol, a data-networking protocol developed throughout the 1980s. It is the established standard protocol for transmitting and receiving data
in packets over the Internet. I...more |
Session Initiation Protocol (SIP) | X | SIP is the real-time communication protocol for VoIP. SIP is a signaling protocol for Internet conferencing, telephony, presence, events notification (emergency calling) and instant messaging.
SIP...more |
Denial of service (DoS) | X | Denial of Service begins with a hacker who sends TCP-Transmission Control Protocol SYN-Synchronize message from a friendly site or "spoofed" with internal IP-Internet protocol Address. If target site ...more |
Voice over IP (VoIP) | X | A real-time communications system that converts voice into digital packets containing media and signaling data that travel over networks using Internet Protocol....more |
(source: http://www.tmcnet.com/channels/small-business-voip/articles/18761-sipera-viper-labs-top-5-voip-threats-2008.htm)
|