Beware of UC security threats
Unified communications opens up your VoIP network to new avenues of collaboration, including instant messaging, video, business applications and e-mail. And that opens up your network to new avenues of attack.
While the biggest actual threats to VoIP networks remain attacks to the underlying IP network infrastructure, UC opens up new angles of attack by creating connections between VoIP networks and corporate data networks.
Typically, most corporate deployments these days try to segregate VoIP as much as possible, creating islands that protect the voice network by broadly restricting access for devices unnecessary to supporting calls, says Ted Ritter, an analyst with Nemertes Research.
Unified communications changes all that. "With UC, by definition you are opening up your infrastructure and focusing on collaboration, reaching outside the enterprise to trading partners and customers," Ritter says.
Eavesdropping, altering conversations, stealing phone access to commit toll fraud and flooding targeted extensions with calls - all of which were possible before - become easier, he says.
Don't ignore basic IP-network attacks
In reality, however, few of these theoretical VoIP-specific attacks have occurred in the wild, says David Endler chairman of Voice Over IP Security Alliance and senior director of security research at Tipping Point. Endler has co-authored a book about such attacks called "Hacking VoIP Exposed", but acknowledges that the basic step of protecting the IP network that underpins VoIP is still the best protection.
"People may tend to look at some of the sexier types of attacks out there to prevent them - things such as eavesdropping or impersonation or caller ID spoofing - the truth is the most prevalent threat right now is the very basic network-level type of attacks," Endler says.
Still, businesses deploying VoIP should be aware of security cracks that UC can open up, says Stuart McLeod, the course director for IT training firm Global Knowledge who teaches its VoIP security courses. "Security is always about having as many layers of obstacles as possible between the hacker and his goals. We lose a couple once you move to unified communications," he says.
For example, UC may introduce the use of softphone clients on PCs, which can cause trouble, says Jason Ostrom the director of Viper Labs, the security research arm of Sipera, a vendor that specializes in VoIP security. With an eye toward testing business VoIP networks, Ostrom develops VoIP-specific attacks in his lab, automates existing attacks and makes them more sophisticated.
He says the Microsoft Office Communications Server client and Cisco Communicator softphone client for call-center applications can be potential sites for attack, particularly from insiders. They could break into the data virtual LAN via the clients, which have listening voice services to tap into the VoIP VLAN, he says.
Dataract increases e5 Workflow performance with Microsoft® Windows Server® 2008
Since upgrading to Windows Server 2008 from Windows Server 2003, Dataract have made visible improvements in their workflow calculations and image presentation performance.
Comments
Keep your computer running like new.
Have you been searching for a great antispyware to keep your computer running like new? If so, you will be happy to know that there are some great options out there. I have tried many different types of antispyware only to find that the majority of them find the exact same types of bugs. The biggest difference that you will find between all the different types of antispyware offered is the price. Search-and-destroy is an excellent choice that can be purchased at a lower price than many of the other options available. If you are interested in discovering the benefits offered from antispyware solution from Search-and-destroy visit http://www.search-and-destroy.com to learn more.