How Secure Is VOIP?
Over at VOIPSA, Dustin Trammell offers a bleak assessment of VOIP Security in real-world products, basing his judgment on a recent Cisco advisory concerning a number of vulnerabilities.
The attacks described in the Cisco advisory mainly deal with Denial of Service and Overflow attacks, and some can be addressed by what's emerging as an unofficial (and by no means complete or codified) set of best practices for VOIP security. For example, Cisco details a possible HTTP Server DoS vulnerability, and most security experts have already been telling enterprises to disable the Web servers on IP phones, as this advisory also recommends (and as Jonathan Roseberg of Cisco discussed at Interop New York last year).
I'm sure, as Dustin suggests, that the problems cited aren't limited to Cisco products. And the whole thing suggests that VOIP security isn't proven, but rather is untested--in other words, if you haven't encountered a major security breach, it's more likely because nobody has tried one yet.
At this juncture, I have to put a plug in for our VOIP Security tutorials and sessions at VoiceCon; I know it's our show and all, but these are really the smartest people we know when it comes to VOIP Security (that's why we invited them). I'm hoping to learn a lot from them again this year.
This is a public forum. CMP Media and its affiliates are not responsible for and do not control what is posted herein. CMP Media makes no warranties or guarantees concerning any advice dispensed by its staff members or readers.
Community standards in this comment area do not permit hate language, excessive profanity, or other patently offensive language. Please be aware that all information posted to this comment area becomes the property of CMP Media LLC and may be edited and republished in print or electronic format as outlined in CMP Media's Terms of Service.
Important Note: This comment area is NOT intended for commercial messages or solicitations of business.
