Short Video on Voice/VoIP Security From Voicecon
Here is a short video where I was interviewed by Fritz Nelson of NoJitter at the most recent Voicecon. It captures a summary of where I believe we are right now with VoIP security:
http://www.nojitter.com/blog/archives/2008/03/voicecon_video.html
In summary:
o The major PBX vendors are doing a better and better job of securing their systems, although new features do add complexity and therefore, new vulnerabilities.
o Enterprises are often leaving these systems in a default configuration and/or not taking advantage of available security features.
o Enterprise VoIP systems are vulnerable. However, the threat of actual attack is still relatively low. This threat will grow over the coming years.
o An assessment of an enterprise VoIP system is the best first step in understanding and mitigating vulnerabilities.
o Denial of Service (DoS) is the major vulnerability faced by enterprises.
o Traditional/legacy voice application attacks are still much more common than VoIP attacks. Issues like toll fraud, poorly secured modems, unauthorized ISP modems, fax SPAM, harrassing callers, etc., remain big issues.
See our website for descriptions of VoIP/voice security products and services:
Comments