
October 22, 2007

When good VoIP security tools turn to the dark side

It's 10pm... do you know if your VoIP network is safe? Just like any other kind of technology, whether tools are used for good or bad is a matter of whose hands they are in. That's no different for the open source VoIP penetration testing tool VoIP Hopper; this Wired story describes how easy it is to hack into many VoIP networks.

VoIP Hopper is roughly the equivalent of an early Nessus scanner for the VoIP world. Using VoIP Hopper you can simulate the interactions between a VoIP handset and PBXs. In the Wired article, even basic security such as MAC address filtering wasn't being used on the VoIP networks they broke into. Unfortunately, VoIP is again like so many other new technologies that are widely deployed with security as an afterthought. If someone told us we were going to allow some strange new mobile device onto the network, we'd at least take a second look, wouldn't we? Many VoIP networks still consider the wired network inside the firewall a "trusted" network, but the opposite is really true.

If you are using VoIP in your network, you should at least be passing VoIP traffic through a firewall set up specifically for SIP and VoIP call handling, preventing access to other data and servers. VLANs and MAC filtering can help but aren't a cure-all. VoIP is another reason to get your network into the 802.1X era so handsets have to authenticate. Bottom line: don't take VoIP security lightly. Voice is likely your most mission-critical business application. Bring down voice and email, and many businesses are severely crippled.
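As an added example (not part of the original post), here is one way to audit what actually happens on a voice segment: flag devices that are not in the handset inventory and any traffic from the voice VLAN that is not SIP or RTP to the PBX. The VLAN ID, addresses, MAC inventory, port ranges and flow-record format are all assumptions constructed for illustration.

```python
import ipaddress

# All values below are constructed for illustration (assumptions, not from the post).
VOICE_VLAN = 200
PBX = ipaddress.ip_address("10.20.0.5")
PHONE_MACS = {"00:1b:54:aa:bb:01", "00:1b:54:aa:bb:02"}  # handset inventory
ALLOWED = [("udp", range(5060, 5061)), ("tcp", range(5060, 5061)),  # SIP signalling
           ("udp", range(16384, 32768))]                            # RTP media (assumed range)

SAMPLE_FLOWS = """\
vlan=200 mac=00:1b:54:aa:bb:01 dst=10.20.0.5 proto=udp dport=5060
vlan=200 mac=00:1b:54:aa:bb:02 dst=10.20.0.5 proto=udp dport=20000
vlan=200 mac=00:0c:29:12:34:56 dst=10.20.0.5 proto=udp dport=5060
vlan=200 mac=00:1b:54:aa:bb:01 dst=10.10.0.8 proto=tcp dport=445
vlan=200 mac=00:1b:54:aa:bb:02 dst=10.20.0.5 proto=tcp dport=22
vlan=10 mac=00:0c:29:99:99:99 dst=10.10.0.8 proto=tcp dport=445
"""

def parse(line):
    """Turn 'k=v k=v ...' into a dict with typed vlan/dport/dst fields."""
    rec = dict(field.split("=", 1) for field in line.split())
    rec["vlan"], rec["dport"] = int(rec["vlan"]), int(rec["dport"])
    rec["dst"] = ipaddress.ip_address(rec["dst"])
    rec["mac"] = rec["mac"].lower()
    return rec

def audit(flows_text):
    """Return (mac, reason) findings for traffic seen on the voice VLAN."""
    findings = []
    for line in filter(None, map(str.strip, flows_text.splitlines())):
        f = parse(line)
        if f["vlan"] != VOICE_VLAN:
            continue  # only the voice segment is in scope
        if f["mac"] not in PHONE_MACS:
            findings.append((f["mac"], "unknown device on voice VLAN"))
        if f["dst"] != PBX:
            # A listed MAC reaching a data server suggests a cloned address or
            # a missing firewall rule: MAC filtering alone did not stop it.
            findings.append((f["mac"], f"voice VLAN reached non-PBX host {f['dst']}"))
        elif not any(f["proto"] == p and f["dport"] in r for p, r in ALLOWED):
            findings.append((f["mac"], f"non-voice service {f['proto']}/{f['dport']} on PBX"))
    return findings

if __name__ == "__main__":
    for mac, reason in audit(SAMPLE_FLOWS):
        print(mac, "-", reason)
```

The fourth sample record shows why the inventory check is not enough on its own: the MAC is a known handset, yet the flow goes to a file server, which only the destination check catches.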
