Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] NIST raises VoIP concerns

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] NIST raises VoIP concerns
Date: Fri, 7 Jan 2005 06:41:29 -0600 (CST) 
http://www.fcw.com/fcw/articles/2005/0103/web-voip-01-06-05.asp

By Florence Olsen 
Jan. 6, 2005

Government administrators may not understand the complexity of 
installing security systems for Internet telephony, a new government 
study suggests [1]. 

Officials at the National Institute of Standards and Technology 
released a Jan. 5 report that examines security vulnerabilities in 
Internet-based telephone systems and raises concerns about an emerging 
technology that otherwise appears to offer many advantages over 
traditional telephone networks. Security concerns described in the 
99-page report suggest that the cost and complexity of installing such 
systems is greater than people realize. 

Many government agencies, including the Defense Information Systems 
Agency, plan to use voice-over-IP networks. Military commanders rely 
heavily on such systems in Iraq and Afghanistan.

Some administrators mistakenly assume that they can plug voice-over-IP 
components into a secure network and have secure voice communications. 
But the report's authors say that security measures such as firewalls 
and encryption used in traditional data networks are incompatible with 
current Internet-based telephone systems and can cause serious 
deterioration in the voice quality possible on such systems.

The report states that "essential telephone services, unless carefully 
planned, deployed and maintained, will be at greater risk if based on 
voice over IP." For example, data networks must be adapted by adding 
firewalls designed specifically for voice over IP.

To compensate for the current security vulnerabilities of 
voice-over-IP technology, NIST officials made several recommendations, 
including: 

* Creating separate subnetworks for voice and data traffic on IP 
  networks, each with their own dynamic host configuration protocol 
  servers. 

* Ensuring that 911 emergency service is available. 

* Securing physical access to the network's voice components to 
  prevent unauthorized eavesdropping on conversations. 

[1] http://csrc.nist.gov/publications/nistpubs/800-58/SP800-58-final.pdf



_________________________________________
Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - 
http://www.osvdb.org/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] NIST raises VoIP concerns, InfoSec News <=
Previous by Date:  [ISN] Call For Articles: MISC Magazine - CanSecWest/core05, InfoSec News
Next by Date:  [ISN] SSL VPNs Will Grow 54% A Year, Become Defacto Access Standard: Report, InfoSec News
Previous by Thread:  [ISN] Call For Articles: MISC Magazine - CanSecWest/core05, InfoSec News
Next by Thread:  [ISN] SSL VPNs Will Grow 54% A Year, Become Defacto Access Standard: Report, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]