| Subject: Hackers eyeing internet telephonywhat about the Phreakers? |
Author:
RJ31X
|
[
Next Thread |
Previous Thread |
Next Message |
Previous Message
]
Date Posted: 18:55:49 02/27/06 Mon
Hackers eyeing internet telephony
Brad Howarth
FEBRUARY 28, 2006
AUSTRALIAN businesses enjoying voice over internet protocol telephony could have less than 12 months before their networks become a target of malicious activity.
Growing target: Scott Ferguson says net phone attacks are rare but increasing
Messaging security company MessageLabs's Asia-Pacific vice-president James Scollay says the likelihood of increased threats against VoIP networks means MessageLabs will introduce services for net phone management and security later this year or early next year.
"VoIP is very clearly a likely next target in information security, because it is close to the critical mass needed to make it worth a criminal's time to target it," Scollay says.
"We are predicting the first VoIP threats will start to emerge towards the end of this year and will become common in 2007."
Just as the proliferation of email opened up a vast wave of spam, Scollay says, increasing use of VoIP may lead to an flood of spit (spam over IP telephony).
Frost and Sullivan security and services industry analyst James Turner says an attack that takes down a mail server may also take down the voice system if VoIP is running on the same network infrastructure.
"Suddenly you have a building that can't communicate with the outside world any more," Turner says.
"It's heaping infrastructure on fewer systems, which means more can go wrong if those systems fail."
CheckPoint Software Asian region vice-president Scott Ferguson says attacks specific to VoIP are rare, but there have been some.
"We are seeing an increase of attacks in the data network, and it is only a matter of time before that moves to VoIP, as it becomes a bigger target and essentially more vulnerable," Ferguson says.
There are some specific protocols in VoIP, particularly in call set-up, that need to be recognised and protected, he says.
There is also the potential for network intrusion through open ports being held open by a VoIP session itself, or by another data network session, that can ultimately compromise the VoIP infrastructure through a denial of service attack.
Ferguson says the data network has often to be redesigned to allow appropriate bandwidth in some environments, because VoIP services are highly susceptible to latency.
Another potential problem is theft of voice services and the ability to enter a VoIP network and make outbound calls.
There is some susceptibility to call eavesdropping using available utilities, such as the Cain and Abel packet sniffer utility.
"We are all held highly accountable for maintaining confidentiality in an organisation, so if you cannot maintain that your call is confidential, there is clearly an issue," Ferguson says.
Most Australian businesses seem unfazed by potential risks.
Malcolm Saad, managing director of retailer Manning Shoes, says security was not a significant consideration when the retailer was installing a Netgear VoIP service.
"Our main concern was to reduce our phone bill, which was becoming quite sizeable, and getting our staff used to calling out on the VoIP line," Saad says.
"We've already got a fairly strong firewall in terms of security coming into the system."
Turner says customers will ultimately decide if the potential dangers outweigh the benefits.
"If VoIP was all bad no one would roll it out, but the reality is that people are going to get tremendous benefits from doing it," Turner says. "They are going make cost savings on their calls and from integrating voice communications with data communications."
[
Next Thread |
Previous Thread |
Next Message |
Previous Message
]
| |
Feedback: 