Track: TMC University: Network Security (U3)
Security Threat Mitigation in Enterprise UC Environments
|Wednesday - 02/04/09, 8:30-9:15am|
Increasingly, large enterprises in North America are moving Unified Communications (UC) applications out of the lab and into production environments. But UC’s long-touted benefits aren’t free. The real-time IP technologies and VoIP infrastructure elements that underlie UC provide many new inroads for criminal attackers (both inside and outside the enterprise) and unwitting bearers of malware. Further, it’s clear that many current countermeasures (routers, data firewalls and intrusion prevention systems) cannot defend the new attack surfaces presented by real-time VoIP, instant messaging, video, and collaboration applications.
Emerging threats to the security, reliability, and availability of UC environments include:
• Denial of service (DoS) and distributed DoS attacks on VoIP and UC application infrastructure
• Attacks that compromise UC message confidentiality and voice privacy
• Unauthorized access to and theft of UC resources and communications
• Virus, worm, and spam for internet telephony (SPIT) attacks on UC endpoints, servers, and networks
Failure to quash these new security threats can mean lost revenue, diminished customer loyalty, corporate brand devaluation, liability exposure, and regulatory non-compliance penalties. This session builds a risk assessment taxonomy for UC security; ranks the criticality and value of UC resources at risk; rates the reality, imminence, and success probability of various UC security attacks; and identifies specific technologies that can be deployed to deflect or mitigate the impact of those attacks on business-critical applications and networks.
Director of Product Marketing
Securing the SIP Trunk
|Wednesday - 02/04/09, 9:30-10:15am|
Many businesses are looking to deploy SIP trunks, which enable cost-effective VoIP phones to establish Internet connections with the public-switched telephone network (PSTN). Flexible and cost-effective, it makes a great deal of business sense for companies to deploy a SIP trunk and use the same IP connection for all these communications, with traffic routed over a service provider’s IP backbone.
Yet, as with any new technology adoption, SIP trunking requires some education — not all SIP is equal, and to derive the maximum benefit from SIP trunks, it pays to understand all of its dimensions — especially security, so that critical business communications are not interrupted.
This presentation will review the benefits of deploying SIP trunks, as well as the requirements for securing a business-class SIP trunk. In order to allow companies to derive the greatest benefit from their SIP trunks, a comprehensive security solution must be applied. The presentation will outline the three necessary parts to an overall security solution:
Enablement — facilitation of seamless and secure enterprise communications with high quality of service (QoS);
Control — effective management of users and their access to services, features and functions, ensuring that the system and its resources are utilized in keeping with business needs, user requirements and security policies; and
Protection — end-to-end assurance against signaling and media vulnerabilities.
Product Manager, Skype for Business
VoIP Security best Practices
|Wednesday - 02/04/09, 12:30-1:15pm|
As VoIP deployment accelerates over the next two to three years, VoIP networks are going to become an increasingly attractive target for would-be hackers and attacks. As a discipline, VoIP security is still in its infancy making it exceedingly difficult for security professionals with enterprises with stringent security and privacy requirements to accurately assess new threats, trends and issues in the market. The end result is a new security discipline that requires constant monitoring and intelligence in order to separate fact from fiction and determine what action really needs to be taken. This session will showcase research conducted in real-life labs and best practices from the data security world.
Chief Technology Officer
|Wednesday - 02/04/09, 1:30-2:15pm|