MCI Safeguards

By Jim Louderback  |  Posted 2004-05-12 Print this article Print

Kurt Jarvis, a technical engineer at MCI, agreed. However, he pointed to safeguards built into his companys Advantage VOIP product as protection enough. MCI uses SIPs digest authentication mechanism for hiding the user credentials as well as an expiring nonce in the challenge, which makes a replay attack more difficult. A denial-of-service attack is "possible but unlikely," he claimed, and even if it happened, MCIs UUnet-based network would clamp down and terminate the attack within five minutes. Thats fine if youre traversing just MCIs network, but not so great if you cross a boundary.
Ian Grey, a product marketing manager at Foundry Networks, is also worried. "Its absolutely susceptible" to hacks, he said. But he doesnt think a downed IP-PBX is as critical a problem as it once was. "My CEO will just pick up his cellphone" if theres a problem, Grey said.
Sure, you can tell your CEO to use his cellphone, but what about customers? What will you do when hackers demolish your voice network? How will you bring your switchboard and call center back online? Despite the assurances from MCI and Foundry, I see VOIP and SIP vulnerability as a huge problem. Without a robust security infrastructure, Internet-based voice traffic is vulnerable to all kinds of monkey business. Im a huge fan of VOIP, and I think itll change the world. But until we can protect those phones and servers from criminals, Id recommend caution. That doesnt mean you cant save money with VOIP. Take a cue from Raindances Burch and make a clear distinction between public and private networks. IP-based voice should work just fine over your secure corporate network. Just beware. When your pristine voice packets touch the dirty net, all bets are off. Editors Note: This story was updated to include more detailed information about MCIs authentication scheme. Check out eWEEK.coms Server and Networking Center at for the latest news, views and analysis on servers, switches and networking protocols for the enterprise and small businesses.

With more than 20 years experience in consulting, technology, computers and media, Jim Louderback has pioneered many significant new innovations.

While building computer systems for Fortune 100 companies in the '80s, Jim developed innovative client-server computing models, implementing some of the first successful LAN-based client-server systems. He also created a highly successful iterative development methodology uniquely suited to this new systems architecture.

As Lab Director at PC Week, Jim developed and refined the product review as an essential news story. He expanded the lab to California, and created significant competitive advantage for the leading IT weekly.

When he became editor-in-chief of Windows Sources in 1995, he inherited a magazine teetering on the brink of failure. In six short months, he turned the publication into a money-maker, by refocusing it entirely on the new Windows 95. Newsstand sales tripled, and his magazine won industry awards for excellence of design and content.

In 1997, Jim launched TechTV's content, creating and nurturing a highly successful mix of help, product information, news and entertainment. He appeared in numerous segments on the network, and hosted the enormously popular Fresh Gear show for three years.

In 1999, he developed the 'Best of CES' awards program in partnership with CEA, the parent company of the CES trade show. This innovative program, where new products were judged directly on the trade show floor, was a resounding success, and continues today.

In 2000, Jim began developing, a daily, live, 8 hour TechTV news program called TechLive. Called 'the CNBC of Technology,' TechLive delivered a daily day-long dose of market news, product information, technology reporting and CEO interviews. After its highly successful launch in April of 2001, Jim managed the entire organization, along with setting editorial direction for the balance of TechTV.

In the summer or 2002, Jim joined Ziff Davis Media to be Editor-In-Chief and Vice President of Media Properties, including, Microsoft Watch, and the websites for PC Magazine, eWeek and ZDM's gaming publications.


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel