Recommended Product
Network Security Audit Software
Network Security Audit Software and Computer Security Tools
  Learn More
 
 
  Network Security Software
Network Bandwidth Monitor

Network Bandwidth Monitor
NBMonitor displays real-time details about your network connections & bandwidth usage.

   
Network Access Monitoring

Network Access Monitoring
ShareAlarmPro monitors network access to shared folders and resources.

   
Product Key Finder
Product Key Finder

Product Key Explorer retrieves over 3000 software product keys from network computers.
   
Network Shares Monitoring

Network Share Watcher
Monitors network folders permissions and identify shares which are violating company data access policy.

 
 

Network Security News

Security in Communications: Report to the Industry

February 25 2011

One subject that we haven't talked a lot about in the runup to Enterprise Connect is security. There was a lot of concern about security when voice first moved to IP and network managers realized that anything you could do to attack an IP network, you could now do to a voice network that ran on IP. Concerns range from basic distributed denial of service (DDoS) attacks that target the IP network, in which voice is collateral damage; to the prospect of IP packets being captured and played back in various eavesdropping or impersonation scenarios.

So what's actually been going on? How real is the security threat, and what should you be doing to combat it? That's the topic we're going to tackle on Thursday morning, a week from today, at Enterprise Connect. And I'm pleased that we've got two top experts to join us on the main stage, each of whom offers a unique perspective.

Many of you in our VoiceCon/Enterprise Connect/No Jitter extended family know Mark Collier of SecureLogix. Mark is one of the godfathers of the VOIP security issue; he was a driving force in the founding of the VOIP Security Alliance, and wrote one of the first books on this subject, VOIP Hacking: Exposed, with David Endler, then of TippingPoint. Mark', along with his SecureLogix colleague Rod Wallace, VP of Global Services, is going to share with us some of the results of a major new Report to the Industry that SecureLogix will release the morning of the session (sneak preview of this in a moment).

Mark's going to be joined on stage by Troy Lange, NSA/IAD Capabilities Manager for Mobility at the U.S. National Security Agency (NSA). We're really delighted to have Troy on the stage, as NSA is obviously a major player in all issues relating to computer and network security, and Troy is going to share some perspectives we haven't had a chance to hear at Enterprise Connect in the past.

Back to SecureLogix's Report to the Industry: I just received the completed report, and I'll be posting it on line just before the session kicks off on Thursday morning, so watch our Enterprise Connect coverage space for the download of this 23-page PDF. In the meantime, a short preview.

From the introduction to the report, here's why SecureLogix says such a document--hopefully updated annually--is needed:

Several industry reports have emerged since the late 1990s detailing real-world, measured security issues and threat levels associated with data networks and IP-based communications. Examples of such reports include the "State of Enterprise Security Annual Report" by Symantec, and the "Annual Computer Crime and Security Survey Report" by the Computer Security Institute. These reports play an important role in profiling and measuring IP and data network threats and incident levels to help guide corporate security decision making, while educating the public at large. Interestingly, a dearth of attack and threat data for voice/UC communications exists, even though voice technologies pre-date IP systems by more than 100 years. This may partly be explained by the fact that virtual or network-based crime is a fairly recent phenomenon. However, the primary explanation is the lack of real-time network monitoring tools capable of identifying and characterizing voice attacks.

In the absence of real-world data, the industry has turned to prognosticating. Most papers, presentations and discussions on Voice/UC security found today invariably focus on potential vulnerabilities discovered in laboratory environments that may or may not exist in the future as communication technologies and networks evolve. However, almost no real-word, observable data or public reports illustrate these laboratory-based, potential threats actually occurring today. While academic debates over future threats can be interesting, they are not what is needed to understand the attacks and fraud schemes that may be causing substantial damage to your enterprise and customers today.

The report has a wealth of data and conclusions about the threats to enterprise voice communications, but this chart pretty much sums up the major categories of threats, and what SecureLogix's research has found about their severity. The vertical axis is "Activity Increase" and the horizontal axis is "Severity".

The report goes on to present detailed findings under each of these categories--Social Engineering, TDoS (Telephony Denial of Service), etc. It concludes with a "Threat Forecast" that predicts, among other things:

The greatest threats to enterprises will occur because the Public Voice Network will continue to allow more VoIP-based access, will become increasingly hostile, and will therefore increasingly be the source of malicious calls. This network will increasingly look like the Internet from a call-generation standpoint. While packet attacks remain unlikely, even when using enterprise SIP trunks, voice-application level threats (harassing calls, social engineering, TDoS, vishing, and SPAM) will become increasingly prevalent and severe.

As mentioned, we'll post the whole report on line just before next Thursday's session.

Sours From

View more news

 
  Most Popular
 
 
  Popular Searches
network security magazine network security auditor network security news network security software corporate network security network security systems home network security product key finder password recovery software Network Bandwidth Monitor Network Access Monitoring data access policy monitoring remote shutdown Network File Search key recovery Network Monitoring Computer Security Ethical Hacking Network Security Network Inventory Software
 

 

Sponsored Links
Network Security Auditor
Nsauditor is a complete networking utilities package that includes more than 45 network tools and utilities for network auditing, scanning,network connections monitoring and more. For more information, please visit:
www.nsauditor.com


Password Recovery Software
SpotAuditor is All-in-one password recovery program that offers administrators and users a comprehensive solution for recovering passwords and other critical business information saved in users' computers. For more information, please visit:
www.password-recovery-software.com

BlueAuditor - Monitor YourBluetooth Network
BlueAuditor detects and monitors Bluetooth devices in a wireless network and allows network administrators to audit wireless networks against security vulnerabilities associated with the use of Bluetooth devices. For more information, please visit:
nsauditor.com/bluetooth_network_scanner.html