IT Infrastructure - eWeek

Home

IT Infrastructure

Page 3 - Security Holes Make VOIP a Risky Business

	LATEST STORIES
	- Microsoft Chats Up Office Communications Ser... - Wall Street Soars 11% on Bank Rescue, Morgan... - Teradata Eyes Rivals in Data Warehouse Space... - FalconStor Launches Support for Windows Serv... - Silverlight vs. Flash: Defining Ubiquity

	BEST OF THE BLOGOSPHERE
	iPhone's Mediocre Battery Life Still Beats Rivals The Android Developer Revolt Google Feels Developers' Pain Nokia Launches Location-Aware Chat Client Parallel Processing Transforming Enterprise Computing

	eWEEK EDITORIAL CALENDAR
	For a list of what eWEEK is covering this year, go to our editorial calendar.


	Killing Botnets: A View From the Trenches from McAfee Using Security Compliance Software to Improve Business Efficiency and Reduce Costs from Symantec Using Web Conferencing to Ensure Successful Enterprise Application Deployment from WebEx Communications See All White Papers >


	Security Solutions Build a Successful Security Strategy As enterprises enable remote workers, promote collaborative tools and increase interdependence on global business partners, security challenges grow. Get up to speed on effective strategies, best practices and tools to keep data, clients, servers and mobile devices safe from threats. Join us on Sept. 17 for this interactive Virtual Tradeshow as industry experts, authorities and your peers share the information you need to build a solid security foundation. Register Now!

Enterprise Uses of Social Networks

In and Off the Cloud

Benioff on Platform Development

Most Disruptive Companies Part 3

What Can Green Do For You?

Security Holes Make VOIP a Risky Business

By Jim Louderback
2004-05-12

Article Views: 1280
Article Rating:

/ 0

Table of Contents:

Rate This Article:

Add This Article To:

Digg this

Del.icio.us

Slashdot

Y! My Web

E-mail

Furl

Google

Simpy

Spurl!

PDF Version

Security Holes Make VOIP a Risky Business - ' MCI Safeguards '
( Page 3 of 3 )

Kurt Jarvis, a technical engineer at MCI, agreed. However, he pointed to safeguards built into his companys Advantage VOIP product as protection enough. MCI uses SIPs digest authentication mechanism for hiding the user credentials as well as an expiring nonce in the challenge, which makes a replay attack more difficult.

A denial-of-service attack is "possible but unlikely," he claimed, and even if it happened, MCIs UUnet-based network would clamp down and terminate the attack within five minutes. Thats fine if youre traversing just MCIs network, but not so great if you cross a boundary.

Ian Grey, a product marketing manager at Foundry Networks, is also worried. "Its absolutely susceptible" to hacks, he said. But he doesnt think a downed IP-PBX is as critical a problem as it once was. "My CEO will just pick up his cellphone" if theres a problem, Grey said.

Sure, you can tell your CEO to use his cellphone, but what about customers? What will you do when hackers demolish your voice network? How will you bring your switchboard and call center back online?

Despite the assurances from MCI and Foundry, I see VOIP and SIP vulnerability as a huge problem. Without a robust security infrastructure, Internet-based voice traffic is vulnerable to all kinds of monkey business. Im a huge fan of VOIP, and I think itll change the world. But until we can protect those phones and servers from criminals, Id recommend caution.

That doesnt mean you cant save money with VOIP. Take a cue from Raindances Burch and make a clear distinction between public and private networks. IP-based voice should work just fine over your secure corporate network. Just beware. When your pristine voice packets touch the dirty net, all bets are off.

Editors Note: This story was updated to include more detailed information about MCIs authentication scheme.

Check out eWEEK.coms Server and Networking Center at http://servers.eweek.com for the latest news, views and analysis on servers, switches and networking protocols for the enterprise and small businesses.

	Discuss Security Holes Make VOIP a Risky Business

	>>> Be the FIRST to comment on this article!



	>>> More IT Infrastructure Articles >>> More By Jim Louderback

Email Article To Friend ♦ Print Version Of Article ♦ PDF Version Of Article

FREE ZIFF DAVIS ENTERPRISE ESEMINARS AT ESEMINARSLIVE.COM

Sep 8, 12 p.m. ET
Leveraging Information to Address the Challenges of Today's Unique Economic Environment with Joel Shore. Sponsored by IBM

Sep 9, 1 p.m. ET
Create an Effective SOA Quality Management Strategy with Web 2.0 with Joel Shore. Sponsored by HP

Sep 9, 2 p.m. ET
The New Age of Video Surveillance with Salvatore Salamone. Sponsored by Overland Storage

Sep 10, 12 p.m. ET
Virtualization, Automation and Databases with Joel Shore. Sponsored by Parallels

Sep 10, 1 p.m. ET
Disk-Based Data Protection: iSCSI SAN and Intelligent Data with Aaron Goldberg. Sponsored by Dell EqualLogic & Symantec

Sep 10, 2 p.m. ET
Top Ten Challenges with On-Premise Email Management with Michael Krieger. Sponsored by Dell MessageOne

Sep 11, 2 p.m. ET
Tracking IT Assets with RFID: Time, Money and Accuracy Savings with Aaron Goldberg. Sponsored by CDW

Sep 11, 4 p.m. ET
Reliable: What the True Meaning of Data Protection Should Be with Michael Krieger. Sponsored by InMage

More Upcoming Events!

FEATURED CONTENT

ALL MFPs SORT PAGES.
THIS ONE SORTS YOUR OFFICE.

Visit hp.com/go/6040 for more information!

Sponsors

Satellite® Pro Series. Feature-packed, business-ready.

PAY UP TO 30% LESS FOR COLOR PRINTING.

Attend ManageFusion 08 Orlando – October 14-16

The New Seagate® FreeAgent® Go Drive. Click here.

Download Free Report: 2008 Internet Malware Trends

GroundWork Open Source. Monitor. Measure. Manage.

What can you do with two monitors and your laptop?

Let Motorola AirDefense exterminate your rogue APs.

Latitude E6400: Dell’s longest battery life yet.

Protect data-HP All-in-One and Disk-Based systems

Meet the demand for green technology with HP desktops

HP StorageWorks Scalable NAS - Next-gen storage

Get Tech On Tap technical enewsletter from NetApp.

ShoreTel - Unified Communications Made Easy.

Samsung Flash: www.samsung.com/semi/flash

RCN Metro. The Smart Alternative.

Download the “Best Antivirus Product of 2007”

MOST READ IT INFRASTRUCTURE STORIES
PAST 30 DAYS

1 - FAA Flight-Plan System Has Long History of Problems (42630)
2 - How the FAA Is Bringing Its Air Traffic Systems into the 21st Century (19847)
3 - 10 Steps Techies Should Take to Keep Their Jobs in a Financial Meltdown (13650)
4 - 5 Technology Businesses Poised to Boom in the Financial Crisis (13396)
5 - HP, EDS Close IT Services Merger at Cost of 24,600 Jobs (12434)
6 - Wall Street's 'Colossal' Risk Management Failure (9189)
7 - Top 20 Percent Projects at Google (8878)
8 - Oracle CEO Larry Ellison Spits on Cloud Computing Hype (8813)
9 - Intel 'Dunnington' Processor Offers 6 Cores for High-End Systems (8136)
10 - Tech Tax Credit Rides Bailout to Victory (8071)

Videos Sponsored by:

EWEEK E-MAIL NEWSLETTERS bring you reliable, timely information to stay on top of the business of technology -- and technology in business -- and get more out of the Web. Make your choices and start your subscriptions today!

EWEEK RSS NEWS FEEDS contain a daily feed of our latest stories from over 30 different categories including Enterprise Apps, Business Intelligence, Security, VOIP and more!

Subscribe to our RSS feeds today for free...

	Issue Index \| Contact Us \| About \| Advertise \| Magazine Customer Service \| Site Map
	Security: Enterprise Security Network Security Infrastructure Security How To: Data IT Security News Cheap Hack Blog Security Watch Blog Storage: Data Storage Cloud Storage Storage Virtualization Network Access Storage Storage Reviews Data Storage News How To: Storage Storage Station Blog Computing: Apple OSX Linux Systems Windows Vista Managed Print Services Cloud Computing PC Reviews Microsoft Watch Blog Apple Watch Blog Google Watch Blog Communications: VoIP Solutions Wireless Technology Messaging Software Web Services Mobile Applications Wireless News Mobile Reviews Apps & Development: Application Development SAAS Search Engines Database Software Web 2.0 IT Project Management Emerging Tech Blog CIO Insight Blogs CIOs
	Vertical Markets: Federal Government IT Health Care IT Finance IT Mid-Market Channel Partners Careers Blog Value Added Resellers More eWeek Links: Tech Knowledge Center Tech Newsletters Tech RSS Feeds White Papers Tech Podcasts Tech Videos eWeek Magazine Subscriptions Enterprise Websites: ZDE Home Baseline Channel Insider CIO Insight eSeminars eWeek Mid-Market Publish Online Web Buyers Guide Developer Websites: Dev Shed DeveloperShed ASP Free MS DevSource SEO Chat Codewalkers Tutorialized Scripts.com Dev Mechanic Dev Articles Web Hosters Dev Hardware Technology Websites: Device Forge Desktop Linux Linux Devices Windows for Devices iGrep Search Engine PDF Zone Linux Watch
	Use of this site is governed by our Terms of Use and Privacy Policy Copyright ©1996-2008 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. eWEEK and Spencer F. Katt are trademarks of Ziff Davis Enterprise Holdings, Inc. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise Inc. is prohibited. eWeek is your best source for the latest Technology News. ZDE Cluster 1 hosted by Hostway.