Beware of UC security threats
- 1
- 2
- 3
- < previous
- next >
Also, UC applications live on the voice VLAN that are tied into LDAP and Active Directory servers, creating another exposure for the data network. "User passwords and corporate data can be stolen through the voice VLAN," Ostrom says.
Risk assessment is essential to making decisions about defending VoIP tied to UC, says Paul Kocher, president and chief scientist at Cryptography Research, a data security consultancy. UC represents a series of sophisticated integration points with applications that can create other risks, but not all of them are urgent, he says.
For example, within UC software, programs can be configured to trigger phone calls, but that's not a major problem. "There are potential eavesdropping scenarios or the application could be corrupted to call the wrong phone number," Kocher says. "But those aren't the types of things you lie awake at night and worry about."
It's possible to defend these networks, Ritter says, but the increased complexity means that more corporate business units need to be involved at a higher level than was required for standalone VoIP.
Don't ignore the compliance factor
Compliance is a big issue in industries such as finance, health care and the payment-card industry, which have regulations that can impact VoIP. UC must be defended against data leaks whether it be voice mail that gets e-mailed, an IM sent outside the company or an archived videoconference that's sitting on a disk and contains patient information.
UC also creates new legal complexities that can affect policies about storing call data, Ritter says. Voice mail attachments to e-mails, for instance, are classified as electronic data that must be made available during the discovery phase of lawsuits, he says. If such voice mail is stored on a thumb drive that sits in a desk drawer for three years, it's discoverable as electronically stored data, he says. "The voice mail is still around even though the voice mail system itself purged it years ago," Ritter says.
Businesses that are most successful with UC deployments bring their security teams in early on in the planning process, Ritter says, but that is not the usual case. "Unfortunately we still find security is typically one of the last teams to be involved in planning," he says.
Ritter recommends getting the security and compliance teams together early in the planning for UC and VoIP. That offloads much of the responsibility for security from the implementers who are more likely telephony experts or general infrastructure experts. Even corporate litigation teams should be brought in.
- 1
- 2
- 3
- < previous
- next >
V/Line and Oakton use Microsoft SQL Server 2008 to develop an Executive HR Dashboard
With the help of Oakton, V/Line - Victoria's regional public transport provider - utilised Microsoft SQL Server 2008 to develop an Executive HR Dashboard report.
Comments
Keep your computer running like new.
Have you been searching for a great antispyware to keep your computer running like new? If so, you will be happy to know that there are some great options out there. I have tried many different types of antispyware only to find that the majority of them find the exact same types of bugs. The biggest difference that you will find between all the different types of antispyware offered is the price. Search-and-destroy is an excellent choice that can be purchased at a lower price than many of the other options available. If you are interested in discovering the benefits offered from antispyware solution from Search-and-destroy visit http://www.search-and-destroy.com to learn more.