The potential danger is very real. VoIP is susceptible to the many exploits that networks generally are heir to — denial of service, buffer overflows and more. VoIP PBXs are servers on corporate networks and are only as secure as the networks themselves.In addition, there are many voice-specific attacks and threats. These have been chronicled by researchers and vendors intending to alert users and suggest ways to guard against them.
For instance, two protocols widely used in VoIP — H.323 and Inter Asterisk eXchange — have been shown to be vulnerable to sniffing during authentication, which can reveal passwords that later can be used to compromise the voice network. Implementations of Session Initiation Protocol (SIP), an alternative VoIP protocol, can leave VoIP networks open to unauthorized transport of data.
In addition, tools that can help find vulnerable deployments have been published online by a VoIPSA, an industry group dedicated to securing VoIP. The VoIPSA tools are intended to help businesses test and secure their networks, but these and other online tools can be used to probe for weaknesses as well.
Still, there have been few exploits so far and none that have been widespread or crippling to businesses. “We are not hearing about attacks. We don’t think they are happening,” says Lawrence Orans, an analyst with Gartner.
Part of the reason may be that the largest VoIP vendors use proprietary protocols, such as Cisco’s Skinny, Nortel’s Unistim and Avaya’s variant of H.323, Orans says. That makes them difficult to obtain and study for potential security cracks. “These systems are not readily available to the bad guys,” he says.
Thursday, December 27, 2007
VoIP in ‘08 - Good News, Bad News
With a new year, comes new worries about vulnerabilities, attacks and the like, and 2008 is no different. Whether it’s pertaining to VoIP, IT or just your e-mail account, the stuff is out there swirling around and although it’s anybody’s guess where it can land, it can be an educated guess. The folks at Network World have a good piece on what we can expect in terms of VoIP vulnerabilities in the new year and while the bad news is that threats and attacks will still continue, the good news is that from their vantage point, the situation is not as critical. Phew! You can read the entire piece right here, but in the meantime, a short excerpt:
Monday, December 17, 2007
The Top 25 VoIP Innovations of 2007
Behind all of the headlines about patent suits and service-provider collapses, the VoIP business remained full of innovation in 2007. Almost every aspect of the industry, from hardware to software to services, saw a variety of large and small breakthroughs from new and established players. Some of the most creative advances involved mixing and matching the benefits of VoIP and traditional telephony. Here, in no particular order, are 25 of the year's most interesting innovations.
Click here for the article source.
Click here for the article source.
Thursday, December 13, 2007
Firefox VoIP Extension open to any SIP provider
A new version of their Firefox VoIP extension that is open to any SIP provider. Luca writes, "A new version of the VoIP Extension is now available for download and it’s not limited to the Abbeyphone VoIP service only. You can insert your favorite VoIP service or even your company’s Asterisk PBX."
Click here to read the full article.
Click here to read the full article.
VoIP breaks onto iPhone and iPod
Voice calls over the internet have migrated onto Apple's new iPod and iPhone products through a new application created by VoIP technology developer Raketu.
Owners of the iPhone and iPod Touch can now use their device's web browser to make a connection over the web that allows them to talk to other people around the world.
Using the scheme means that international calls can be essentially free, although a monthly subscription fee to Raketu is required.
While the iPhone has already been targeted by other consumer VoIP services, Raketu's application is one of the first to work on the iPod Touch over its web connection.
However, these services are solidly aimed at individual users who are not concerned about security or being easily contactable.
Business users may find that a better IP telephony option for them could be a portable VoIP phone that is connected to their employer's IP PBX system, meaning they can make free calls but remain part of the company's voice network.
Owners of the iPhone and iPod Touch can now use their device's web browser to make a connection over the web that allows them to talk to other people around the world.
Using the scheme means that international calls can be essentially free, although a monthly subscription fee to Raketu is required.
While the iPhone has already been targeted by other consumer VoIP services, Raketu's application is one of the first to work on the iPod Touch over its web connection.
However, these services are solidly aimed at individual users who are not concerned about security or being easily contactable.
Business users may find that a better IP telephony option for them could be a portable VoIP phone that is connected to their employer's IP PBX system, meaning they can make free calls but remain part of the company's voice network.
Subscribe to:
Comments (Atom)