VoIP security

Please hold your call is being transferred to a phreak...(the insecurity of voice)

ronaldxbartels — Sat, 05 Jul 2008 09:45:59 -0400

Information security largely focuses on data communications, and voice is often ignored. Every successful hack or extortion has a phone involved somewhere in the process, but in most cases the phone is a silent and overlooked component in the forensics.

Read more

Cisco Security: patches now available for Cisco VoIP holes

Cisco Subnet — Thu, 26 Jun 2008 13:40:58 -0400

As expected, Cisco Security on Wednesday announced software updates to fix two holes in its VoIP prodcuts. The Cisco Unified Communications Manager (CUCM), formerly Cisco CallManager, contains a vulnerability in the Computer Telephony Integration (CTI) Manager service that may allow a denial-of-service attack. Also, Cisco's Real-Time Information Server (RIS) Data Collector contains an authentication bypass hole that may expose information that is useful for hackers to mount other attacks.

Read more

Cisco VoIP vulnerabilities revealed today

Cisco Subnet — Wed, 25 Jun 2008 14:05:01 -0400

Cisco’s VoIP customers need to pay attention to its expected announcement today that its call server software has vulnerabilities. The VoIP security company VoIPshield says Cisco gear and that of its two chief rivals, Avaya and Nortel, have vulnerabilities that leave their systems open to a range of attacks. Cisco has been told about the vulnerabilities and may have fixes for them today, but that is not clear. VoIPshield says one of the three companies will just issue an advisory about its flaws but not fixes.

Read more

voip-vulnerabilities

Wed, 25 Jun 2008 11:03:30 -0400

Can't the session-border-controllers of these systems help to monitor and eliminate these threats?

VOIP and e-mail are not that different in their evolution

Fri, 13 Jun 2008 16:00:04 -0400

Both should be presumed "unsecured" and to be used for non-essential communications until they bring to bear trunking switching within an ATM Backframe which can be electronically secured, and "twisted off" by voltage leak sniffing. Just like the Navy says, "Keep it simple, stupid!" Assume that you are being heard...

Block Skype in the first place ...

xmachine — Wed, 26 Mar 2008 01:52:53 -0400

Why allowing a risky VoIP software to exist in your network in the first place. IM vendors should block messages that contains URL's. This is a more secure way to defend against malicious links. http://extremesecurity.blogspot.com

unified communications

Tue, 25 Mar 2008 09:25:05 -0400

Without a secure encryption method and security it will expose all to what is crippling the net today only at a larger scale

RE: VoIP vulnerabilities increasing, but not exploits

meatpieandtatters — Mon, 31 Dec 2007 09:57:35 -0500

The number of known vulnerabilities is bound to increase as IT managers continue to stuff more and more crap technology into their networks. The bigger problem however lies in the increasing number of threats regularly occurring on their networks. Too much dependency is placed on technology to keep their networks operating in a safe and compliant fashion, and they abdicate responsibility for actually knowing what's going on. Security controls, alarm thresholds and event management all use well-defined criteria to alert someone of a problem. But what about all the conditions leading up to and just below these points? Don't these conditions warrant attention? How does waiting for the event to occur help matters?

Read more

VoIP Security Lessons Microsoft OCS Can Learn From Vonage and Others

Mitchell Ashley — Mon, 03 Dec 2007 03:03:24 -0500

While VoIP is all the rage, VoIP security is often underplayed and frequently goes unaddressed. Not by telecom industry expert, Ike Elliott. A long time colleague and friend of mine, Ike led the creation of the first "soft switch" back in the late 1990's, a software-based phone switch running on a Sun server. What Ike pioneered, we today commonly think of as VoIP in products like Microsoft's Office Communication Server, the Asterisk open source VoIP server and many others.

Read more

RE: VoIP security industry: Guilty as charged

Thu, 15 Nov 2007 08:41:02 -0500

Nice job with the nasy questions. There are so many more to ask that I humbly suggest the comments section here to include more. Here's number 11 from me: Explain how your security advisory team works and proactively alerts customers and the public of weaknesses in your VoIP gear. Best, --scm