News Feature

 

Dial VoIP For Vulnerability

 

September 15, 2005 | CIO

Phone service is abruptly cut off at a Wall Street brokerage after a hacker launches a full-scale denial-of-service attack, flooding the firm’s voice servers with registration requests. An Internet worm makes its way from a retail giant’s data network to its voice network, shutting down call centers and costing millions in lost revenue. An imposter enters the phone network of a top government agency and makes away with classified information by spoofing his caller ID.

Sound far-fetched? According to security experts, such scenarios are not only plausible, they may be inevitable as companies and government agencies around the world scrap their traditional circuit-switched phone systems and move to voice over IP (VoIP). By sending voice calls over the Internet, companies are saving millions of dollars and gaining flexibility to provide multimedia services at the desktop. But they are also exposing their voice systems to all of the hazards that now plague data networks, including worms, viruses, denial-of-service attacks, spam over Internet telephony (SPIT), eavesdropping and fraud. And they are increasing their vulnerability to attacks against the rest of the network by creating new openings into critical infrastructure, networks and systems.

CIOs ready to take the plunge with VoIP need to understand that data firewalls alone won’t protect them. They need only look to the past to remember the state of the Internet 10 years ago, when security was usually an afterthought. That was before the Nimda and Sasser worms and countless other threats came to haunt them. To head off attacks on their voice networks, IT executives need to devise a plan that includes voice encryption, authentication, VoIP-specific firewalls, and the separation of voice and data traffic. They also need to ensure redundancy in case of power loss (most traditional phone networks already require backup, but the systems will need to be expanded with VoIP). And they will have to physically secure voice servers and other equipment from intruders.

Traditional private branch exchange (PBX) phone systems have their own vulnerabilities, and in the past hackers have broken into large phone and voice mail networks. But VoIP expands vulnerability, offering more opportunities for hackers to gain access. In a recent 93-page report on VoIP security, the National Institute of Standards and Technology notes that in most offices there are many more points to connect to a LAN than there are points to connect to a PBX box. "Based on the history of attacks on various Internet services and things we’ve seen, it’s inevitable that there will be attacks on VoIP networks," says Rick Kuhn, a computer scientist at NIST and coauthor of the report. "Eventually, someone will find a way to take advantage of it."

 
 
 
 
 
 