
My Opinion - Security. Do more and ignore less.
Written by Jacek Materna   
Monday, 03 December 2007

VoIP security. We live in a world where software is ever increasing, where sharing is ubiquitous, and where application systems are vulnerable. Hacking mediums are plentiful and on the rise, and you can find just about any help you need these days. VoIP users are growing numerous enough that it becomes financially palatable to look into compromising these systems. It adds up to one inevitability: VoIP attacks are going to occur. Everyone should be asking themselves whether the preventive measures will surface in time, before major damage to targeted parties can occur. VoIP will soon be, if it is not already, a hot topic for so-called penetration commandos, the guys I like to eloquently call hackers. According to some statistics firms, the number of consumer VoIP subscribers in the United States alone will reach around 10+ million by the end of 2007, representing approximately 1/8 of all U.S. households, and will rise to some 1/4 by the end of 2011. Europe will be even more exciting, with numbers increasing to 1/2 of all households by the same time. There are also projections of 1 billion+ users of all types worldwide in 2012.

Trust me, hackers have plenty of interest in VoIP. All over the web you can find lists of freely available tools that enable attacks of various types on VoIP networks and services. Spend some time in underground channels on networks such as IRC and on Eastern European forums, and you can quickly see what I am talking about. These tools would not be created and distributed if other people didn't want to use them. Case in point: if you build it, they will come. The masses always make for attractive targets. Attackers prefer our favorite friend Microsoft for one reason: it represents almost 90% of the main user-base software systems on the planet. What I find interesting is McAfee Inc.'s report that predicts VoIP attacks would double in 2008.

One thing I do notice in the VoIP space is that a lot of people and sites are always talking about the same stuff, reiterating the same points about DoS, eavesdropping, etc. Just rehashing what we already know. I won't spend my time talking at length about those types of security issues because it is not in my interest to rehash the hash again. The single thing I do want to point out is the issue of SPIT. Step back a bit, lean up in your chair and imagine getting unwelcome recorded messages all the time from friendly places like China or Nigeria, trying to convince you that you're the next in line to receive 10 million Euro. Faking caller IDs is pretty trivial, even when using systems not based on SIP/H323, so working out whether a call is from your friendly neighborhood Abidjan warlord or from someone of interest to you, without answering it, is going to get hard. Plain and simple. This threat of SPIT is coming, and when it gets here you had better be prepared to deal with it. I predict that SPIT could be at least as hard as spam to stop, if not harder.

I'll put it very simply. Do not be stupid. Do not assume you can wait. Be proactive. Period.

 




