Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Monday, December 17, 2007

VoIP vulnerabilities increasing, but not exploits

The threats against VoIP are numerous and seem to be growing, but in 2008 the technology probably won’t suffer crippling attacks.  VoIP is susceptible to the many exploits that networks generally are heir to—denial of service, buffer overflows and more.  For instance, two protocols widely used in VoIP—H.323 and Inter Asterisk eXchange—have been shown to be vulnerable to sniffing during authentication, which can reveal passwords that later can be used to compromise the voice network.

Implementations of Session Initiation Protocol (SIP), an alternative VoIP protocol, can leave VoIP networks open to unauthorized transport of data.

The VoIPSA tools are intended to help businesses test and secure their networks, but these and other online tools can be used to probe for weaknesses as well.

Part of the reason may be that the largest VoIP vendors use proprietary protocols, such as Cisco’s Skinny, Nortel’s Unistim and Avaya’s variant of H.323, Orans says.  SIP, which is gaining popularity, is a mixed bag, Orans says, because it is readily available to those who might want to exploit it.  These options include firewalls and intrusion-prevention systems that support SIP (compare products).

Another reason for the lack of broad exploits is that there isnt enough ROI for attackers’ development time.

Hybrid PBX systems—which handle both VoIP and TDM voice—account for 64% of all PBX lines sold, according to a December 2007 Infonetics report.

Posted on 12/17