|
|
Experts: VOIP Just Another Way to Hack
2007-07-03
According to Brendan Ziolo, director of marketing for Sipera, which sells enterprise security appliances, almost all the customers he talks with are aware of VoIP risks, though not all have begun actively protecting their network against VoIP-borne exploits.
While security experts don't recommend that organizations or individuals avoid VoIP for security reasons, they do recommend that users recognize the new technology as a potential security risk, and employ the same level of vigilance required when wireless networks or public networks are used.
"Some industries are very aware, while others are taking more of a wait and see attitude," Ziolo said. "We don't see companies saying they don't believe vulnerabilities exist, but some haven't seen the attacks yet so they're waiting to do anything until they see the risk affecting their network."
The type of risk varies depending on the nature of the network, but most attacks fall into one of two groups, Ziolo said. The first type of attack tries to deny the owner the ability to use a system. The second attack uses the VoIP system to get information from the owner's network, either by allowing the attacker to gain access to assets, or by convincing a user to willingly give up information.
Both types of attacks are similar in many ways to attacks made through web or e-mail services, but have special effectiveness because of the relationship people have with the telephone. "[VoIP attacks] can be more severe in that people expect the voice system to work and be trustworthy," says Ziolo, adding, "People don't want to wait for the telephone system to reboot if there's a problem."
Denial of service vulnerabilities have been announced in VoIP systems from 3Com, Cisco, GrandStream, Linksys, and other vendors. In each of these cases, an unexpectedly high level of traffic or network packets that contain intentionally mis-formatted information can cause the central VoIP controller—whether a switch or a PBX—to malfunction, cutting off use of the system until it is re-booted. This time to re-boot is especially critical if the effected system is in a busy call center, where hundreds of agents are taking sales or support calls. To protect against this type of attack, experts recommend a firewall that specifically protects the VoIP protocols from attack.
One type of DoS attack that will be familiar to anyone who's dinner has been disturbed by a telemarketer is Spam over Internet Telephony, or SPIT. These unwanted calls are not yet a problem on the scale of e-mail spam, and some consulting firms—such as the Gartner Group—contend that they never will be. Gartner has told clients that SPIT is, and will remain, a very minor problem, and that money and efforts are more effectively spent protecting against other denial of service attacks.
When attackers gain access to a VoIP network they often are looking for direct monetary gain. In a case last year, the FBI arrested a Florida resident for hacking into a New Jersey company's VoIP network. After gaining access, the man was able to make un-billed long distance calls—and sell calling cards from his Fortes Telecom to others making use of the same capabilities. Since he didn't have to pay for the minutes used, the cards were highly profitable for him, and highly damaging to the company which was hacked.
Other information attacks make use of a VoIP system's capabilities to spoof the calling name, making a phishing call appear trustworthy. An example of this is criminals who have a system display the name of a bank when they call asking for personal customer information. According to Brendan Ziolo, it can be easier to spoof the caller ID coming from a VoIP system than it is to spoof the e-mail "sender" ID for a phishing spam message.
By Curtis Franklin Jr.
|
|
|
|
VoIP Providers List Information |
|
|
|
If you have any constructive thoughts, creative ideas, or reasonable offers, please, contact us.
|
|
Send Email to Helen O'Neill if you have any questions either about this website, or about VoIP providers, or VoIP in general.
|
|
Send Email to our technical support if you have any technical queries.
|
About VoIP Providers List
VoIP Providers List services save time for companies searching both for information and interconnection partners, interested in voice minutes exchange, i.e. VoIP minutes termination and origination, as well as hardware and software trade. We provide information on interconnection services, VoIP hardware solutions and VoIP software , as well as overall situation in the VoIP industry.
VoIP Providers List is constantly moderated, and thus we can guarantee that any VoIP provider published in the web-based company catalogue has provided accurate details on its services and operations.
We are constantly working on improvement and development of our services. Your comments and proposals regarding the services are highly welcome. Please, do not hesitate to contact us providing with your ideas, opinion, and feed-back. We will be grateful for any information and useful links on Voice over IP, VoIP hardware, VoIP software, and VoIP Providers. |
|
|
|
|
VoIP Providers Statistics |
|
|
Providers in database: 3315
Users Online: 226
|
|
|
