The Earthtimes online News
Home


VoIPshield Laboratories Uncovers Over 100 Vulnerabilities in Leading Enterprise VoIP Systems

Posted : Wed, 02 Apr 2008 12:18:16 GMT
Author : VoIPshield Laboratories
Category : Press Release
News Alerts by Email click here )
Create your own RSS
News | Home 
Breakthrough Research Identifies Exploits That Compromise VoIP Network Security 


OTTAWA, April 2, 2008  /PRNewswire/ -- VoIPshield Laboratories, the research division of VoIPshield Systems Inc., today announced it has discovered over 100 security vulnerabilities in Voice over IP systems marketed by Avaya, Cisco and Nortel.  A vulnerability is a design or implementation flaw in a VoIP system that can be exploited by a hacker with malicious intentions, including extortion through service outage threats, industrial espionage through call recording, or identity theft through the stealing of sensitive customer information.

VoIPshield notified the vendors of its findings earlier this year. Under the terms of its Responsible Disclosure Policy, VoIPshield works with the vendors to help them recreate the vulnerabilities in their own test labs, and offers its services to assist the vendors in determining the best remediation approach.

"It is important that companies understand the security risks associated with their VoIP systems," said Rick Dalmazzi, president and CEO of VoIPshield. "Now is the time to start planning a protection strategy, while the hacking community is still learning about VoIP, not after the attacks begin."

The vulnerabilities are cataloged and presented on the company's website at http://www.voipshield.com/research.  Each vulnerability is categorized based on an exploit's most likely malicious intent:  unauthorized access, code execution, denial of service or information harvesting. Each is also given a severity rating based on a modified industry standard index. Vendor responses are also included, indicating what action if any the vendor has indicated they will take to remediate the vulnerability, and when.

"The limited number of high-profile attacks against IP telephony has lulled most chief information security officers and voice/data managers into a false sense of security, with the result that most do not have adequate protection for their converged networks," said Lawrence Orans, research director for networking and communications equipment at Gartner Research. "As IP telephony continues to gain momentum, targeted attacks -- and possibly broad-based attacks -- will surface and gain greater visibility, highlighting vulnerabilities and the overall lack of focus on IP telephony security."

The database marks the first of ongoing announcements that VoIPshield Labs will make as it continues its research into these and other vendors' products. Avaya, Cisco and Nortel were chosen for the initial round of research because of their popularity in the North American market.  Microsoft has recently announced its entry into the enterprise VoIP market.

Just this month, communications research firm In-Stat revealed that while 80% of companies said they'd deployed some type of VoIP solution, more than 40% do not have specific plans for securing them. This finding, based on a survey of U.S. companies conducted in September 2007, was published in a report titled U.S. Businesses Lag in Securing VoIP. "Regardless of the VoIP solution that is in place or planned, security should be an integral part of an implementation from the beginning," the report summarized.

The vulnerabilities discovered are used by VoIPshield to create signatures for its enterprise VoIP security solutions:  VoIPaudit(TM), a VoIP Vulnerability Assessment system, and VoIPguard(TM), a VoIP Intrusion Prevention System (VIPS).  Users are protected against attacks attempting to exploit the known vulnerabilities. VoIPshield products are regularly updated with new signatures through the VoIPshield Update(TM) subscription service.

"Digital video and voice enabled by Voice over IP technologies are vital to commerce and are substantially at risk," said Jonathan Zar, chairman of the threat taxonomy committee of the Voice over IP Security Alliance (VoIPSA).  It is important that products be developed that are specifically designed to protect VoIP systems. VoIPSA encourages all research leading to such products."

For more information about the vulnerabilities database and VoIPshield's products visit http://www.voipshield.com/research.

About VoIPshield Systems

VoIPshield Systems Inc. develops products to secure voice communications on IP networks. Each application uses VoIPshield's proprietary database of VoIP-specific vulnerabilities and corresponding threat signatures, developed by VoIPshield Laboratories. VoIPaudit(TM) is an award-winning VoIP vulnerability assessment product.  VoIPguard(TM) is the industry's first VoIP Intrusion Prevention System (VIPS) based on signature-based and behavior-based detection technology. More information is available at http://www.voipshield.com/. 

VoIPshield Laboratories

Copyright © 2008 PR Newswire. All rights reserved.



Article : VoIPshield Laboratories Uncovers Over 100 Vulnerabilities in Leading Enterprise VoIP Systems
Print this article
Share this article
Share on
Del.icio.us
Digg
Facebook
Fark
Google
reddit
Slashdot
StumbleUpon

Have your Say
Name
Email
Subject
Your Comment

Enter Verification code
 
  

 
Your Comments

zultys
By: j rodwell , Tue, 08 Apr 2008 17:52:25 GMT

Have or will you test this switch?




Choose Theme
Green Earth Blue Earth Orange Earth Purple Earth

Search
 
You can

Current News

News Category
Business
Entertainment
Environment
General
Health
Sports
Technology
World

About us | News Archives | Browse old Archive | Feedback | Disclaimer | Mobile/PDA | News Alerts

The views expressed in the articles are not necessarily those of earthtimes.org and we accept no responsibility for the views or opinions
expressed in the articles either direct or indirect.
© 2008 www.earthtimes.org, The Earth Times, All Rights Reserved | Privacy Policy