Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

VoIP vulnerabilities explained by Fortify

Fortify : 10 December, 2008  (Technical Article)
Fortify attempts to raise corporate awareness of the vulnerability of voice-over-IP based private branch exchanges to attacks by hackers
Fortify Software has warned companies using VOIP private branch exchange (PBX) software to be aware that the complex program code involved with Internet telephony can make such systems vulnerable to hacker attacks.

Fortify's warning comes after the FBI has announced that users of the Asterisk VOIP PBX software should upgrade to the latest edition of the package to avoid a security flaw that allows hackers to dial-through access on their telephone systems.

'The problem facing small business users of VOIP PBX systems is that although the PBX is hooked up to the regular telephone network and a company's broadband Internet connection, most firms' IT security resources do not extend their complete protective envelope around the PBX platform,' said Rob Rachwald, Fortify's director of product marketing.

'This means that users of VOIP PBX systems who think their telephone system is covered by, for example, a firewall application, can wake up with a nasty surprise on the phone bill front, after their PBX system has been compromised,' he added.

According to Rachwald, many VOIP applications are either open source, freeware or shareware, meaning they have not usually undergone code auditing and program vulnerability analysis.

That's not to say that such software is not capable of performing the required function. Far from it, says Rachwald, but firms need to be aware of the risks involved and contact a security specialist to see whether their software - or a suitable alternative - has been code verified.

A growing number of open source applications, such as Asterisk, says Rachwald, are also being hardened and installed on more secure appliances, rather than vanilla PCs.

'In Asterisk's case, for example, a number of vendors have installed the PBX software on a specialist diskless server that not only increases security levels, but also boosts reliability and call quality. This is clearly a step forward, and may be an option for any company worried about their VOIP PBX security,' he said.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo