Sipera, a VOIP security company, has come out with its Top 5 VOIP Threat Predictions for 2008. Their top concern is denial-of-service attacks through SIP trunks and mobile infrastructures. This makes sense both in its own right, and because DoS attacks are a legitimate concern based on their effect on the underlying data network.
Sipera, a VOIP security company, has come out with its Top 5 VOIP Threat Predictions for 2008. Their top concern is denial-of-service attacks through SIP trunks and mobile infrastructures. This makes sense both in its own right, and because DoS attacks are a legitimate concern based on their effect on the underlying data network.Most VOIP security folks you talk to say that, at this moment, there haven't been a ton of attacks targeting VOIP infrastructure specifically--it's more the fact that your voice systems are now running on IP networks that are already subject to attacks. (For example, check out the first third of this video, from VoiceCon San Francisco 2007, where I interviewed Mark Collier of SecureLogix.)
In general, the VOIP security environment that Sipera is depicting for 2008 is one in which there's been a fundamental shift from VOIP being collateral damage in a world dominated by attacks on the underlying IP infrastructure, to a world where attackers are devoting significant time and resources to deliberately attacking VOIP infrastructure.
For example, Sipera predicts that Microsoft Office Communications Server (OCS) deployments will be targeted in 2008, and that, "Hackers will set up more IP PBXs for vishing/phishing exploits. Vishing bank accounts will accelerate, due to ease of exploit and the appeal of 'easy money.'"
Both of these certainly seem like possibilities. Hackers love to target Microsoft because of its large user base and because it's Microsoft. And security experts do say that, among the big security threats tend to be organized criminal networks that exploit corporate data theft to steal large blocks of information.
Still, what Sipera is betting is that VOIP will be a fruitful area of focus for these types of bad guys in 2008. VOIP certainly will become such a fruitful area some day, but whether it'll be in 2008, I don't know. You never want to assume everything will be fine, but I just wonder whether VOIP and IP-telephony really will reach the critical mass that makes it an appealing target.
