Top VOIP Security Threats Continued

vishing

So in the last post, you saw how DoS attacks and eavesdropping would be big concerns this year. Here are the last 3 points that Jim Higdon wrote about earlier this year:

3. Microsoft Office Communications Server: Hackers love attacking Microsoft, and Microsoft loves being unprepared. VIPER Lab predicts that hackers will find vulnerabilities in Microsoft Office Communications Server’s VoIP client and use it to access networks that had previously been secure, and the organization is not alone in reaching this conclusion. Network World blogger Mitchell Ashley suggests that Microsoft could learn from Vonage’s vulnerability to spoofing attacks.

I guess those of us who are using Windows are out of luck in this point. Then again, this is why business are leaning towards alternatives.

4. Vishing by VoIP: The FBI has been aware of vishing for nearly a year now, and the IC3 (Internet Crime Complain Center) recently released a report stating that vishing attacks are on the rise. With caller ID spoofing, the criminals can be very difficult to track, “due to rapidly evolving criminal methodologies,” according to the IC3.

Yup, first it was phishing, now it’s vishing.

5. VoIP Attacks Against Service Providers: These sorts of attacks will escalate, VIPER Lab predicts, because of readily available, anonymous $20 SIM cards. As UMA (Unlicensed Mobile Access) technology becomes more widely deployed to allow calls to switch from cell networks to VoIP networks, VIPER Labs warns that “service providers are, for the first time, allowing subscribers to have direct access to mobile core networks over IP, making it easier to spoof identities and use illegal accounts to launch a variety of attacks.” Such attacks include scripting “various flood, fuzzing and spoofing attacks,” according to VoIP blogger Rich Tehrani. “The hacker could set up multiple IPSec tunnels to various PDGs in the network or across multiple GPRS sessions [generating] up to 10,000 messages per second … equal [to] the traffic of 10 million users,” he wrote.

Knowledge is power. I hope that exposing these threats will help you make your VOIP system more secure.

Top VOIP Security Threats

security threat
VOIP is definitely a cost effective way to manage communications, both for business and personal use alike. As with many other things in life, though, VOIP does have some downsides to it. Jim Higdon writes a very information article on the top security threats for VOIP this year. Here is his list – complete with explanations as to why they have predicted these items as part of the top VOIP security threats for 2008:


1. DoS (denial of service) Attacks on VoIP Networks: This has been a concern for the IEEE (Institute of Electrical and Electronics Engineers) since 2006, and VoIP watchers have been concerned about DoS attacks for the past year. DoS attacks can overwhelm your company’s phone lines, creating long-term busy signals, forced call disconnects and an exhausted work force.

2. VoIP Eavesdropping: In June 2007, it was learned that a hacker with a packet sniffer and VOMIT could tap directly into VoIP calls. Then it was learned that those vulnerabilities could also lead to DoS attacks. “Anyone on your network,” stated an article found at EnterpriseVoIPPlanet, “anyone on other networks that you contact — and all points in between, including service providers — all have the opportunity to do an awful lot of juicy snooping.” Not to mention, of course, that the FBI and other security agencies can do all the VoIP snooping that they want. How do you prevent unwanted listeners on your VoIP calls? Place all VoIP phones on separate, secured vLANs to protect against rogue devices, then protect that vLAN against the introduction of unauthorized devices. Once you’ve isolated your VoIP devices, limit their inbound and outbound traffic so that they can only communicate with their call manager, encrypt the calls that travel over public networks, and watch the news and get ready to react, according to SearchSecurity.com.

Let’s cut this short for now – I’ll post the other points in the next entry.

Open Source VOIP – Going Strong

communication
For many people, open source is the best way to go. However, we all know that there are some issues when it comes to open source software – particularly in regard to the execution. The whole idea of going open source suits most everyone except that in certain areas, software glitches and support can be a problem, especially where stability and reliability is concerned.

This is, in fact, one of the main points of those who have concerns about open source VOIP. This sector believes in the concept of open source VOIP but have doubts as to whether or not open source VOIP can meet the needs of businesses. Still, it seems that open source VOIP proponents do not have much to worry about – at least according to Carl Weinschenk of ITBusinessEdge. He posted an article on how open source VOIP continues to gain momentum on the 21st of February. He writes:

VirtualHosting.com provides some help with a look at what it considers to be the top 50 open source VoIP applications. The categories are Session Initiation Protocol (SIP) proxies; SIP clients; H.323 clients; inter-Asterisk (IAX) clients; Private Branch Exchange and interactive voice response platforms, stacks, and libraries; developers; and miscellaneous. The editors provide brief definitions of each category.

He also presents an example in Garrett Smith, an executive in the realm of VOIP, saying:

VoIP systems are selling like cyber hot cakes. While he doesn’t distinguish between open source and proprietary products, it’s clear that a good deal of what is selling is the former. A year ago, he says, one or two VoIP deals of 200-plus seats would be made per week. In a two-day span in mid-February this year, Smith said that he saw three 200-plus seat contracts, “a handful” of 50- to 75-seat deals, and deal of more than 4,000 seats in 26 locations. In addition, margins are better and deals are easier to close. He offers three reasons this may be happening: the technology is better trusted, businesses are better educated and sales people are doing their jobs better.

More so, BPOs and call centers are quickly looking into open source VOIP as a solution. In any case, if this article is any indication, then we can expect open source VOIP to become a major player in the realm of communications in the near future. There will always be detractors, of course. After all, you cannot please everyone.

Social Networking Benefits From VOIP

girl with headset

I was talking to a younger cousin the other day and I was surprised at how involved she is in social networking. I was asking her about her friends and activities and a large part of the conversation revolved around her friends whom she met online. I guess I should not have been surprised at all, with the way technology is constantly evolving to become part of our everyday lives.

Social networking, in particular, has reached astronomical heights in popularity. People of all ages and all backgrounds are coming together online, meeting and interacting through various web sites and instant messaging services. Add to this VOIP and you have a complete range of social networking services.

Think back to several years ago – the main way that people interacted online was through text. They sent e-mails back and forth. Offline messages were sent the same way. Real time conversations were conducted by typing messages on the keyboard. When it became possible to chat through voice – thanks to VOIP – communication became even easier. Now, people with “fat fingers” do not have to worry about having to type as fast as they can speak! All they have to do is plug in a headset and chat away.

Years ago, chatting through voice was limited to computer to computer calls. This was (and is) free. All one needs to do is to log in to a chat room or an instant messaging service and make sure that his/her friends do the same. Today, with various platforms offering computer to telephone calls through VOIP, communicating with friends is even made easier. More than that, the communication costs are slashed down to very minimal amounts.

Realizing this benefit that VOIP brings to communications online, social networking web sites are quick to take advantage of it. There are many online dating sites which offer additional features taking advantage of VOIP. For example, an online dating site may offer a feature wherein their members can talk to each other through voice without the members having to disclose their phone numbers immediately. This is particularly significant for individuals who are concerned about their privacy. Other social networking sites have also added widgets wherein a “call me” button can be placed on a member’s profile.

These may seem “little” but looking at the overall picture, one can indeed say that VOIP is changing the landscape of communications in many different aspects.

New VOIP Headsets From Sony

I have always looked forward to Sony coming up with new products. The big company may have its detractors but I personally like how they go about their business and the nifty gadgets that they come up with. How about some new headsets that are VOIP compatible?

Sony recently announced a new range of VOIP compatible headsets that are sure to create some waves as soon as they are released. Here is Tech Digest’s report on the matter:

Sony has introduced a new range of lightweight headsets for both music and VoIP calling, all designed for clear voice transmission with a fully adjustable rotating flexible boom microphone, Sony’s noise cancelling technology, Acoustic Twin Turbo Circuits and a Silent Cap Design for reduced sound leakage.The range includes the basic DR-220DP in metallic orange and silver, the DR-220DPV, which adds with volume control, the purple DR-G250DP with ‘collapsible street style design’ perfect for travel and padded ear pads, the DR-260USBS hands-free stereo headset with removable USB audio box for volume and microphone sound control, the DR-115DP with swivel feature for right to left ear switching and finally, the top-end DR-EX230DP, which offers in-ear silicon ear-buds in three sizes for comfort, an in-line microphone for sound recording and a travel case.

I like the fact that the new headsets can be used both for listening to music and to make calls over the Internet. The very important noise canceling technology should be the highlight of the products. When they do come out, VOIP users would be looking hard at just how effective Sony’s technology is. Tentative prices are 24 Euros to 45 Euros (USD35 to USD66) – not bad for a good VOIP headset.

Asterisk in Focus: What’s Great About It?

As I was reading some old news and features on VOIP and related topics, I ran across a feature on Asterisk, which was published about a year ago. The title is “What’s So Great About Asterisk?” and it was an article published on VOIP-NEWS. The main point of the article about Asterisk is that it is open source and that means it is far cheaper than its mainstream counterparts. On the other hand, the article points out that support may not be as reliable for Asterisk as compared to the proprietary versions. This, of course, is an essential consideration for businesses.

The downloaded Asterisk software is community-supported through email and online forums and this works for many folks, Miller said. But for mission-critical businesses he recommends them using Digium’s Asterisk Business Edition for a “fully regression tested” version of Asterisk that comes with 24×7 tech support and complete maintenance and support programs.

Large enterprises will also have to be convinced that open source PBXs, which so far have mostly been used in small and medium sized businesses, will scale to the thousands of users they need the products for.

This point of view is understandable although I would say that since the article was published, a lot has changed (for the better) with Asterisk and open source PBX in general, don’t you think?

Another point that caught my interest in the article:

Does that mean open source PBXs will soon brush the proprietary versions aside? Unlikely, though as users get more comfortable with other open source solutions such as Apache, Linux and MySQL, which are in the mainstream now, they’ll also get more comfortable with Asterix and other open source PBX solutions.

Indeed, just because something is considered open source now does not mean that it will stay so forever. And more so, just because something is open source does not automatically mean that it will not be appropriate for “professional” applications! I am sure that there will be many others who will agree with me when I say that Asterisk works just fine for many business, especially those who lean towards the small scale.

Perhaps it is a matter of analyzing and determining one’s needs first. The next step would be to determine if Asterisk (and other open source systems) could provide an answer for these needs. Go over forums and discussion groups, though, and I am sure that you will see a lot of individuals and business owners testifying for open source systems.

Hi-tech Features With Hosted PBX

We all know how VOIP can drastically cut costs – both for personal use and business purposes.  When it comes to the latter, however, business owners are always looking for ways to cut down on the costs and yet at the same time, be able to maintain top features for the business.  If the business is big, there is usually no problem – they have the budget for these things.  However, for small businesses, the budget is usually tight.  As a result, they usually have to settle for low-end technology and this includes their phone systems.

With new technology becoming more available and at a more affordable cost, small business now have a chance to avail of services that can make them look like Fortune-500 companies – without having to spend as much.  How is this possible?  Through hosted PBX.   What are the benefits of hosted PBX?  According to Brian Solomon of TMCNet:

This new service, hosted, can give your small company the professional image, improved efficiency, and business intelligence normally available only to the largest firms. And depending on the type of hosted PBX you choose, you don’t have to do any equipment installation, maintenance, or upgrade – the hosted PBX provider does it all.

One of the most important assets of a small business is its image. You can invest in a pretty web site and buy nice stationary, but when clients call you do they hear professionalism or “small time”? Many small businesses simply route all calls to one phone and tell callers to call a different number if the person they want isn’t close by. With a hosted PBX service, your callers can hear a professionally recorded greeting to get menu options for connection to individuals or departments – just like a Fortune 500 corporation. Even a company of just one person can still let callers dial for sales, support or customer service. You look bigger to your clients and when the call is connected you know what the caller wants to talk about.

Once your caller selects a menu option, a hosted PBX can route the call to any employee, just like a hardware PBX system. But with a hosted PBX, your employees don’t have to be at an office phone. In fact, you don’t even need to have an office. Hosted PBX systems are one of the single most important enablers of virtual companies. Employees can take calls on cell phones or home lines. The caller gets to the right employee and you can save money on office rent and utilities.

Now that’s what I call bang for your buck.

VOIP Industry Helping Eliminate Bad Debt

Remember my friend I was talking about in the last post?  I mentioned something about his phone bill being in the thousands when he was still here in the US.  It was so bad that he even reached the point wherein he had to have his phone service cut off for a time.  Now that is what we call bad debt.

I am sure that my friend is not alone.  There are probably countless individuals out there who have had the same experience with conventional telecommunications providers.  At one point or another, they have to cut their phone service because of bad debt or they have to cut back on their activities.

With the VOIP industry becoming more and more pervasive today, however, bad debt with regard to telephone charges is becoming less.  How so?  Aside from the fact that VOIP allows for far cheaper calls, the industry also has a different scheme from conventional telecommunications operators.  The norm in the VOIP industry is that customers can access their VOIP accounts and make phone calls via pre-paid plans.  Customers can normally buy pre-paid credits and then go about with their own business.  The account remains active while there is still credit in the account.  Each phone call eats up the credits.  Once the account credit hits zero, the customer cannot make phone calls anymore.  He or she would have to purchase another set of credits in order to continue using his VOIP account.

Simple, isn’t it?  And yet, it is a very effective way to control debt that may arise from too much activity on the phones.  This is how the VOIP industry is helping eliminate bad debt.

On the other hand, conventional telecommunications companies normally offer plans which are post-paid.  That simply means that a customer can simply make all the phone calls that he or she wants and just pay when the bill comes around.  This could be convenient in a way, since your service will not be cut off (unless you have not paid for a certain period of time).  This practice, however, provides an easy way to get into debt.  To be fair, some telecoms offer pre-paid service now.  This also contributes to controlling customers’ spending on phone calls.  However, the fact remains that VOIP calls still cost a mere fraction of conventional phone calls, especially if we are talking about long distance and overseas calls.

VOIP and Your Money

There is no doubt about it – VOIP is here to stay.  I suppose that you can assume that anyone who has had any experience with the Internet for the past few years would have at least a vague idea of what VOIP is all about.  Yet you would be surprised at the number of people who do not know all that much about this wonderful technology and its implications on one’s personal finances.

Take my friend, for example.  He has been living in Asia for the past 3 years.  Before he went over there, he had regular interaction with clients and friends.  He was in the United States, his clients and friends were in various Asian countries.  He had to call several people everyday for hours on end.  What did he use?  His regular phone operator, which cost him thousands of dollars in phone bills.

Today, he has changed tactics and is using VOIP to make his all his phone calls to the United States and other parts of the world.  Say, on an ordinary day, he would have to call a client in Australia.  They spend about 30 minutes on the phone.  Right after that, he wants to call his parents in the United States.  They talk for about an hour.  Later in the day, he has to call another client in the UK.  They talk for around 45 minutes.  This is a typical day in his life.  You can just imagine how much his phone bill would have been if he were using a regular phone!  With VOIP, however, he does not pay more than $20 a month, even less!

So how does VOIP manage to cut down telephone bills by this much?  The major thing is that VOIP avoids toll fees that are charged by conventional telephone companies that utilize the standard public switched telephone network.  On top of this, VOIP is not covered by Federal USF and FCC Line Charges.  This is due to the fact that the voice calls are made over the Internet.  As such, the cost of VOIP calls is cut down even more.

As you can see, VOIP is not merely a trend or a fad that will be gone tomorrow.  With the way it is saving people money, it will surely be here to stay.  If you have not tried out VOIP yet, then maybe it is about time that you did.