- Mythbuster busts his own tale
- 10 open source companies to watch
- Sony recalls 73,000 Vaio laptops
- Tool to evade China's Web censorship
- Chrome and Firefox and add-ons
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:App Performance | On Demand Security | Networking Solution | SOA | Value of WDS
The threats against VoIP are numerous and seem to be growing, but in 2008 the technology probably won't suffer crippling attacks.
The potential danger is very real. VoIP is susceptible to the many exploits that networks generally are heir to -- denial of service, buffer overflows and more. VoIP PBXs are servers on corporate networks and are only as secure as the networks themselves.
In addition, there are many voice-specific attacks and threats. These have been chronicled by researchers and vendors intending to alert users and suggest ways to guard against them.
For instance, two protocols widely used in VoIP -- H.323 and Inter Asterisk eXchange -- have been shown to be vulnerable to sniffing during authentication, which can reveal passwords that later can be used to compromise the voice network. Implementations of Session Initiation Protocol (SIP), an alternative VoIP protocol, can leave VoIP networks open to unauthorized transport of data.
In addition, tools that can help find vulnerable deployments have been published online by a VoIPSA, an industry group dedicated to securing VoIP. The VoIPSA tools are intended to help businesses test and secure their networks, but these and other online tools can be used to probe for weaknesses as well.
Still, there have been few exploits so far and none that have been widespread or crippling to businesses. "We are not hearing about attacks. We don’t think they are happening," says Lawrence Orans, an analyst with Gartner.
Part of the reason may be that the largest VoIP vendors use proprietary protocols, such as Cisco's Skinny, Nortel's Unistim and Avaya's variant of H.323, Orans says. That makes them difficult to obtain and study for potential security cracks. "These systems are not readily available to the bad guys," he says.
SIP, which is gaining popularity, is a mixed bag, Orans says, because it is readily available to those who might want to exploit it. "I would say that SIP is a good-news, bad-news story. It's easy to get your hands on, and that includes the bad guys. The good news is there are more options to protect SIP," he says. These options include firewalls and intrusion-prevention systems that support SIP (compare products).
Another reason for the lack of broad exploits is that there isn’t enough ROI for attackers' development time. Attackers' motivation may improve, however, as VoIP increases in popularity, something it is doing relentlessly.
Rss FeedRss Feed
Discover the capabilities your file integrity monitoring solution should have to effectively secure...
Realizing the Potential of User-Generated and Social NetworkingCan communication service providers (CSPs) leverage Web 2.0 services and create new service...
Digital Asset Management StrategyThe reality of Dramatically changing media landscape, has created awareness within the media and...
The standard for Power over Ethernet (PoE), IEEE Std. 802.3af(tm)-2003, advanced networking,...
Harnessing the power of communications to increase workplace performanceDue to the convergence of IT and telecommunications technologies, the business workplace has been...
Stay out of the headlines: Detecting and preventing network intrusionsHow do YOU stay out of the headlines? There is no denying that risk exists in our computer-driven...
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
The Foundry Enterprise Advantage
Foundry Networks, Inc. (NASDAQ: FDRY) is a leading provider of high-performance enterprise and service provider switching, routing, security and Web traffic management solutions. Foundry's customers include the world's premier ISPs, metro service providers, and enterprises.
For further information on Foundry Networks please click here.
Leveraging the Advantages
of a Multi-vendor Network Strategy
Today's enterprise network provides more than simply a technology infrastructure. It's an enabler for the enterprise, supporting mission critical applications, creating operational efficiencies and increasing productivity gains. Foundry Networks provides the ideal foundation for a multi-vendor network.
Click here to view whitepaper!
Comments (2)
Woops, they missed the obviousBy Anonymous on March 24, 2008, 3:52 pm Why publicly let people know VOIP is a exploitable as it is? This article SHOULD HAVE clearly stated RELEASED/REPORTED EXPLOITS not growing. Why would you...
Reply | Read entire comment
RE: VoIP vulnerabilities increasing, but not exploitsBy meatpieandtatters on December 31, 2007, 9:57 amThe number of known vulnerabilities is bound to increase as IT managers continue to stuff more and more crap technology into their networks. The bigger problem however...
Reply | Read entire comment
View all comments