SecureLogix

Free VoIP Security Tools from SecureLogix

SecureLogix has released a suite of VoIP security assessment tools that are available as a free download from their web site (SecureLogix.com).  The tools can help analyze the security of your VoIP network and determine whether it is susceptible to attacks such as Denial-of-Service (DoS), Man-in-the-Middle, eavesdropping, call teardown and more.

Pretty much since companies have been making the switch from traditional switched POTS (plain old telephone system) networks to VoIP, SecureLogix has been around to help secure communications. SecureLogix provides tools and services to analyze and protect both traditional and VoIP networks, and they are in the fairly unique position to assure security of both as organizations transition.

Mark Collier, SecureLogix CTO and VP of Engineering, is also known for having been co-author of McGraw-Hill’s Hacking VoIP Exposed, a part of the hugely successful Hacking Exposed series. The book contained some earlier versions of te tools released by SecureLogix. Collier maintains a blog called VoIP Security Blog.

Risk of RTP ‘Monoculture’

One of the issues or stumbling blocks facing organizations as they adopt unified communications is the interoperability (or lack thereof) between systems. A company would like to know that the platform they invest in will be able to integrate, or at least cooperate with, disparate platforms being used by vendors, customers, or future merger and acquisition targets.

In the world of VoIP (Voice over IP), there is a more or less agreed upon standard in RTP (Real-Time Transport Protocol). That is great for universal interoperability, but some have suggested that it may also pose a security risk for VoIP networks. The potential ‘monoculture’ of RTP could mean that any successful exploit against the protocol could cripple not one VoIP platform, but all VoIP platforms simultaneously.

I do agree that organizations need to be concerned with VoIP and unified communications security, but I believe that the ‘RTP monoculture’ issue is primarily FUD being used to sell VoIP security solutions from the vendors claiming the sky is falling. The thing is that monoculture is largely a myth. The ‘Microsoft monoculture’ was just anti-Microsoft FUD.

Each organization has different perimeter security, different products and applications inside the network, different security policies and controls across their environments. Yes, they may all use RTP, but everything else about their network and VoIP configuration is unique to each organization. Hopefully, if they have done their homework and put the right kinds of security controls in place, an RTP exploit that impacts one company won’t necessarily impact them.

Nortel Partners With SecureLogix for Voice Security

Nortel has formed an alliance with SecureLogix to enable Nortel VAR’s to market and sell the SecureLogix ETM System and other security services in conjunction with Nortel’s new Voice Security Services offering. Adding to the arsenal already available to Nortel VAR’s, the SecureLogix ETM System provides a powerful voice security and management platform. Nortel customers will be able to optimize their investment in voice technologies, while protecting the voice and data networks from telephony-based attacks and abuses. Unified communications and VoIP are hot technologies that many companies have adopted or are looking at implementing soon, but few have taken the time to understand the security risks or proactively safeguard their unified communications investment. Nortel and SecureLogix are moving in the right direction by recognizing the security concerns and providing products and services to help their customers leverage the benefits of these new technologies securely.