November 26, 2007
The Latest VoIP Security Threat
By Rich Tehrani, President and Editor-in-Chief
For years, I have been covering VoIP security and, throughout this time, it has been a one-sided conversation, as there have been few documented cases of VoIP security attacks. Companies are generally not too happy to discuss VoIP security breaches, so this news shouldn’t be very surprising to anyone.
In the absence of news regarding companies who have had voice or video conversations compromised, vendors in the VoIP security market have been proactive. Some, such as Sipera, have revealed vulnerabilities of existing equipment and, more recently, one person has even released a proof of concept program named SIPtap, with the goal of showing how easy it is — once a program is slipped onto a corporate computer via a Trojan horse or some other means, to record enterprise VoIP calls as .wav files for later analysis.
The person behind this proof of concept program is Peter Cox ( News - Alert) who co-founded and was CTO of BorderWare, a company in the VoIP security and session border control space. I first wrote about the company in August, 2005 in a blog entry titled Secure VoIP, and I covered it more recently in an entry titled Borderware’s SBC Strategy.
Cox left BorderWare ( News - Alert) and has his own VoIP Consultancy, which will be up and running in 2008, according to PC World.
The issue of protecting VoIP calls is likely something corporate decision makers gloss over all too often, and just because companies are not reporting more security incidents, does not mean they aren’t happening. In the end, if you are responsible for the IP communications infrastructure of your company, you need to be 100% up to date on the latest solutions on the market.
For this reason it is essential you study the problem as thoroughly as time allows and network with others in the space.
As more and more crucial information gets carried over IP networks, the incentive to eavesdrop on these conversations will grow dramatically. Moreover, as SIP becomes ubiquitous, the knowledge needed to perform hacks, such as the one I described earlier, will only grow. The sooner you learn about how to effectively secure your corporate IP communications, the better off you and your company will be.
Internet Protocol (IP) | X | IP stands for Internet Protocol, a data-networking protocol developed throughout the 1980s. It is the established standard protocol for transmitting and receiving data
in packets over the Internet. I...more |
Session Initiation Protocol (SIP) | X | SIP is the real-time communication protocol for VoIP. SIP is a signaling protocol for Internet conferencing, telephony, presence, events notification (emergency calling) and instant messaging.
SIP...more |
Voice over IP (VoIP) | X | A real-time communications system that converts voice into digital packets containing media and signaling data that travel over networks using Internet Protocol....more |
(source: http://sip.tmcnet.com/topics/enterprise-communications/articles/15160-latest-voip-security-threat.htm)
|