FEATURED VIDEO
Sponsored By:
SLIDE SHOWS
As if they needed more stress, organizations are facing evolving and increasingly stringent compliance regulations from the Payment Card Industry, as well as Sarbanes-Oxley, HIPAA and others. Here are a few security compliance products that can make the audit process less excruciating.
Here are 10 of the distributor's hottest new offerings winning over solution providers.
New smartphones from Sony, Motorola and the first-ever Twitter-only mobile device -- the TwitterPeek -- headline a busy week for handset makers as the holiday shopping season heats up.
INSIDE CHANNELWEB
VOICE VAR

Top VoIP Threats And Vulnerabilities


VARBusiness logo By Andrew R Hickey, ChannelWeb

12:00 AM EST Mon. Jan. 21, 2008
From the January 21, 2008 issue of VARBusiness
Page 1 of 2
As the use of VoIP continues to grow, so does the number of threats and vulnerabilities hackers can use to attack a system. Whether it's malicious, for financial gain or for bragging rights, 2008 will see an evolving roster of threats to VoIP systems.

According to Sachin Joglekar, vulnerability research lead for Sipera Viper Lab, a research group that finds and identifies VoIP threats, some of the same attacks that started to gain notoriety in 2007 will continue through next year.

Here are nine threats and vulnerabilities Joglekar and his research team said VoIP systems will encounter:

Remote Eavesdropping
The top attack to be on the lookout for is remote eavesdropping, Joglekar said. Eavesdropping is just what it sounds like—listening in on VoIP calls, a trick that is exponentially easier in VoIP than with traditional PSTN telephone networks. Eavesdropping can represent a major communications and security breach. Those overheard conversations can be used to gather intelligence from competing businesses, or worse, used as blackmail for financial gain.

San Jose, Calif.-based Cisco Systems Inc. recently issued a security alert identifying 11 models of its Cisco Unified IP Phone 7900 Series handsets vulnerable to eavesdropping attacks. According to the networking giant, all Cisco IP phones that support Extension Mobility—which lets users log into a phone and temporarily configure it as their own—were vulnerable to the attack.

VoIP Hopping
Next in line is VoIP hopping, which can enable remote eavesdropping, but more critically compromises VLANs, which were previously trusted as providing a secure VoIP environment. VoIP hopping can enable a PC to mimic an IP phone, giving hackers the inroads to access the VoIP system.

Vishing
Similar to e-mail phishing scams, another threat to keep an eye out for is vishing, or VoIP phishing. Much like its e-mail counterpart, vishing lets hackers spoof caller ID and present a fraudulent phone identity. People who receive calls from a visher may be tricked into believing they're talking to their bank or another legitimate institution, causing them to share sensitive information.

VoIP Spam
Just like vishing works almost like e-mail, VoIP spam will again show itself this year. Though VoIP spam is really less of a threat and more of an annoyance, it's a vulnerability that's sure to be exploited, Joglekar said. Since VoIP IDs can consist of numbers or characters, they become similar to an e-mail address, meaning someone can reach you by telephone through the Internet. Spam writers can use VoIP to flood voicemail boxes with junk messages or keep the phone ringing, not allowing more important, welcomed calls to come through.

Next: Toll Fraud

 
Channelweb : Promofinder
FEATURED PROMOTIONS
Avnet 0% Lease Promotion
The Avnet Capital Solutions “0% Lease Promotion” has been extended to December 31, 2009! This offering significantly reduces ...
Double Your Money!
Cash Rewards - DOUBLED!
RELATED BLOG >>
Photo
LogLogic takes complex log data and turns it into something manageable.
ADVERTISEMENT




CHANNEL SERVICES >>