Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] German security agency warns of VoIP security risks

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] German security agency warns of VoIP security risks
Date: Thu, 27 Oct 2005 02:10:58 -0500 (CDT) 
http://www.computerworld.com/securitytopics/security/story/0,10801,105728,00.html

By John Blau
OCTOBER 26, 2005
IDG NEWS SERVICE

Germany's Federal Office for Security in Information Technology (BSI)
is warning businesses of potential security risks with voice-over-IP
(VoIP) technology, in a study presented at the Systems IT exhibition
and conference in Munich.

The VoIPSec report, released Monday at the opening of Systems,
appeared one day before Skype Technologies SA, one of the world's
largest providers of VoIP service, acknowledged critical flaws in its
software and urged users to upgrade to the latest version.

In its report, the BSI warned that although no spectacular attacks in
the business world have been reported yet, it's only a matter of time
before problems emerge.

The report lists 19 varieties of attacks on VoIP systems that can lead
to a number of security threats, such as identity theft, data
manipulation, transmission errors and incorrect billing. Also, VoIP
opens the door to the various forms of malicious software that can
spread wildly in data networks, such as viruses, worms and Trojan
horses, according to the report.

Authors of the VoIPSec study are urging companies to analyze where
they plan to implement VoIP, how crucial secure communication is to
that particular business process and what level of security can be
ensured. And although one of the biggest sales pitches of companies
supplying VoIP systems is the convergence of voice and data networks,
the authors are recommending a separation of IP voice and IP data
networks."

The study is available online in German [1].

In a panel discussion at the Systems conference, Manfred Fink,
president of Manfred Fink Security Consulting, urged businesses to be
aware of the hype surrounding VoIP. "Manufacturers are telling
businesses how they can save money by converging their voice and data
networks," he said. "But IT managers should be aware that the money
they may save in combining their IP voice and data networks could be
offset by the money they will need to spend to make these networks
secure."

Detlev Henze, a security expert in the IT security unit of the safety
control agency TUV Rheinland Group, urged users to move "very
carefully" in deploying VoIP technology, especially on a global basis.  
"It's best to start in small, closed user groups and to work closely
with security experts who are aware of the many potential risks
involved in VoIP," he said. "This is a moving target."

The Systems event runs through Friday.

[1] http://www.bsi.de/literat/studien/VoIP/index.htm



_________________________________________
InfoSec News v2.0 - Coming Soon! 
http://www.infosecnews.org
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] German security agency warns of VoIP security risks, InfoSec News <=
Previous by Date:  [ISN] FISMA guidance nearly complete, InfoSec News
Next by Date:  [ISN] Security UPDATE -- Add VMware Player to Your Security Toolkit -- October 26, 2005, InfoSec News
Previous by Thread:  [ISN] FISMA guidance nearly complete, InfoSec News
Next by Thread:  [ISN] Security UPDATE -- Add VMware Player to Your Security Toolkit -- October 26, 2005, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]