My Photo

Search Blog

  • Search Blog
    Google

    WWW
    voipsecurityblog.typepad.com

Become a Fan

Subscribe to this blog's feed

About

Add me to your TypePad People list

Recent Posts

Archives

« Several Book Reviews | Main | SPIT/Voice SPAM Announcement »

January 22, 2007

VoIP Security Trends for 2007

Here are my top VoIP security trends to watch for in 2007:

1) There is no doubt that VoIP security attacks have taken place, but very few have been widely publicized. I predict that in 2007, we will see enterprise VoIP systems attacked and the results publicized.

2) VoIP is an application running on the data network and will continue to be affected by attacks such as worms, virus, Denial of Service (DoS), etc. While these attacks may not directly target VoIP systems, they will disrupt operations because the underlying platforms are vulnerable to the attack.

3) We will also start to see more and more VoIP specific attacks, particularly aimed at the enterprise. There is more and more scrutiny of VoIP systems and attackers will find more issues that are unique to VoIP and the systems that enable it.

4) Attackers will also be developing more and more tools to exploit these issues. Even now, there are plenty of tools out there, but you can expect to see more tools and extensions to the tools that are there.

5) Denial of Service (DoS) will continue to be the most significant threat to VoIP systems. Many VoIP systems are very vulnerable to fuzzing and flood based attacks, including simple transport and application layer attacks.

6) You can expect enterprises to start deploying the Session Initiation Protocol (SIP) for handsets as well as connectivity to the public network. The move to SIP will affect security, because there is a long list of SIP attack tools available for use.

7) Even with the move to SIP, proprietary protocols will continue to dominate VoIP for several years. You will start to see new attack tools that target these protocols as well, especially for vendors with wide deployment (Cisco, Avaya, Nortel, Siemens, etc.).

8) Social threats such as voice phishing and voice SPAM will start to emerge. They will not be common, but will grow as threats with the increasing adoption of VoIP. They could start to become disruptive in late 2007.

9) Although vendors will increase their offerings for conversation encryption, it will not be widely employed by enterprises.

10) As more VoIP is deployed, it has the potential to affect traditional networks. Attacks like DoS, SPIT, and toll fraud may “spill” over and affect legacy systems.

Posted at 10:21 AM |

Technorati Tags: , ,

|

Comments

Vinny

I have written a similar article on my blog.

You can read it here: http://voipguides.blogspot.com/2006/12/top-5-voip-threats-in-2007-how-to.html

Posted by: Vinny | January 23, 2007 at 09:03 PM

Verify your Comment

Previewing your Comment

Posted by:  | 

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment

Toll Fraud

Harassing Calls/TDoS