VoIP Systems Vulnerable To Attack
Bookmark this page:
 Yahoo!
 Google
 Windows Live
 del.icio.us
 digg
 Netscape
|
|
|||||||||||||||||||
|
Posted by Knowing About on August 26, 2006, 6:30 am
Please log in for more thread options VoIP is well on its way to widespread adoption, but the fact that many companies haven't taken the necessary steps to toughen up security on their VoIP systems could make them attractive targets for hackers. Companies eager to tap into the ROI of VoIP are doing so without fully considering the security risks stemming from weaknesses in VoIP applications, operating systems, and structure and supporting services that could spell opportunity for hackers, said David Endler, director of security research at Marlborough, Mass.-based 3Com and its TippingPoint security business. One of the main weak links in VoIP security is the tendency for organizations to leave phones exposed to the Internet, which enables attackers to use search engines to discover information about the network that they can use in subsequent exploits, according to Endler. To guard against this threat, companies need to boost the security on VoIP phones by disabling services that aren't needed or restricting access to the specific location, Endler said. At the Black Hat conference in Las Vegas earlier this month, Endler demonstrated a technique for discovering VoIP phone extensions and user names by sending specially crafted SIP messages to a Cisco VoIP system. Cisco released a subsequent advisory in which it recommended implementing the VoIP infrastructure and data devices on separate VLANs. An attacker could use the information to exploit any vendor's SIP-based VoIP infrastructure. "Once you have the extensions, you can perform more advanced attacks," Endler said. For More Information : http://www.knowingabout.com/voip | |||||||||||||||||||
|
Posted by Rick Merrill on August 26, 2006, 8:10 am
Please log in for more thread options Knowing About wrote: What exactly does "leave phones exposed" mean? (My ATA comes after the cable modem and the ATA does NAT.) | |||||||||||||||||||
|
Posted by Lonewolf on August 26, 2006, 9:28 am
Please log in for more thread options
Phones left open to the Internet are referred to as exposed however unless the set is registered to a proxy that shouldn't be a large issue. A simple firewall should be able to provide protection. I don't view this as any more serious than anything else connected directly to the Internet. > Knowing About wrote:
> >> VoIP is well on its way to widespread adoption, but the fact that many
>> companies haven't taken the necessary steps to toughen up security on >> their VoIP systems could make them attractive targets for hackers. >> > ...>
>> One of the main weak links in VoIP security is the tendency for
>> organizations to leave phones exposed to the Internet, which enables >> attackers to use search engines to discover information about the >> network that they can use in subsequent exploits, according to Endler. >
> What exactly does "leave phones exposed" mean? > > (My ATA comes after the cable modem and the ATA does NAT.) > | |||||||||||||||||||
|
Posted by Great Vincent on August 28, 2006, 5:21 am
Please log in for more thread options
You just contact through ALGs,if this isn't safe,MSN is not safe neither. | |||||||||||||||||||
> companies haven't taken the necessary steps to toughen up security on
> their VoIP systems could make them attractive targets for hackers.
>
...>
> One of the main weak links in VoIP security is the tendency for
> organizations to leave phones exposed to the Internet, which enables
> attackers to use search engines to discover information about the
> network that they can use in subsequent exploits, according to Endler.