VoIP Systems Vulnerable To Attack

August 27th, 2006 - Posted in VoIP

VoIP is well on its way to widespread adoption, but the fact that many companies haven’t taken the necessary steps to toughen up security on their VoIP systems could make them attractive targets for hackers.

Companies eager to tap into the ROI of VoIP are doing so without fully considering the security risks stemming from weaknesses in VoIP applications, operating systems, and structure and supporting services that could spell opportunity for hackers, said David Endler, director of security research at Marlborough, Mass.-based 3Com and its TippingPoint security business.

One of the main weak links in VoIP security is the tendency for organizations to leave phones exposed to the Internet, which enables attackers to use search engines to discover information about the network that they can use in subsequent exploits, according to Endler.

To guard against this threat, companies need to boost the security on VoIP phones by disabling services that aren’t needed or restricting access to the specific location, Endler said.

At the Black Hat conference in Las Vegas earlier this month, Endler demonstrated a technique for discovering VoIP phone extensions and user names by sending specially crafted SIP messages to a Cisco VoIP system. Cisco released a subsequent advisory in which it recommended implementing the VoIP infrastructure and data devices on separate VLANs.

An attacker could use the information to exploit any vendor’s SIP-based VoIP infrastructure. “Once you have the extensions, you can perform more advanced attacks,” Endler said.

Lance Reid, CEO of NetLogic, Turlock, Calif., said the issue of VoIP security has been somewhat overhyped. “Most of the equipment is behind firewalls and on internal networks that aren’t available for public access. As with other internal systems, the only real threat is from people on the inside,” Reid said.

However, VoIP security could become a genuine problem for companies down the road, as IP-based unified communication systems are increasingly being designed to interconnect between each other, Reid said.

Source: www.networkingpipeline.com

Related Products


This entry was posted on Sunday, August 27th, 2006 at 10:24 am and is filed under VoIP. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply


Recent Search Terms: samsung a127 NOKIA 6270 NOKIA 6260 samsung t 429 UFS ufs k touch E60 3gp 3gp files sgh u600 samsung a127 blackberry 8100 Flash Player download for Blackberry 8100 mms motorola v3 LG 150 pocket pc setting gprs 3 nokia p1i setting gprs 3 PHILIPPINE Long Distance Telephone Co smartphone hello kitty airtime Flash Player download for Blackberry 8100 Flash Player download for Blackberry 8100 Flash Player download for Blackberry 8100 Nokia 5300 l71 E51 faceplates Nokia 5300 9500 motorola q9c silicone cover motorola q9c silicone cover n73 modem LG C1500 Setting streaming ponsel tv
« Mozcom launches pioneer VoIP service
Belgacom buys Vodafone stake in mobile unit for 2 billion euros »