voice

Locking Down Your VoIP Network

It is difficult to completely isolate a voice network or VoIP server. By design they are intended to initiate and receive communications from the outside world. Attackers know this as well which is why VoIP servers represent an attractive target.

There is a variety of information that can be gathered by an attacker just by sniffing network traffic and placing calls to your network. There are also tools available to enable attackers to conduct vulnerability assessments and penetration tests against your voice network to find the weaknesses.

Read Locking Down VoIP for more about the security issues facing VoIP networks and the steps you should take to proactively identify and secure any holes in your voice infrastructure.

The Double-Edged Sword of Unified Communications

Unified communications is more than just a collection of whiz-bang tools or a hot new technology. Done right, unified communications can help an organization save significant amounts of money while simultaneously streamlining business processes and enabling innovative new communications tools adapted to the needs of the business.

The blade of that sword cuts both ways though. The downside is that merging the traditionally separate voice and data networks exposes each to the risks of the other and creates new vulnerabilities and exploits unique to the merged voice and data infrastructure. Read Voice Convergence Saves Money, Increases Risk for more about the security issues you should be aware of.

Gone Vishing

No. Its not a typo. Vishing is a new twist on phishing scams using voice, typically VoIP. There have been two prevalent vishing scams recently: one selling extended automobile warranties and one offering to reduce your interest rate on your credit cards. You may have received such calls on your home or mobile phone. Don’t bother trying to use the number on your caller ID to contact them or file a complaint though- its spoofed. The FCC has filed lawsuits against the telemarketing firms behind these scams. For more about these scams and the details on vishing in general read Protecting Yourself From Vishing Attacks.

BT Extends UC Functionality with Finder

BT, a leading global IT consultancy and service provider and a key partner for Microsoft Unified Communications, has developed an innovative new tool that extends the functionality of Microsoft Office Communications Server.

BT’s Finder utility allows users of Microsoft Unified Communications to determine how and when communications get to them. Finder can be configured to filter communications based on specified criteria and reroute them to other users or groups while a user is away on business or out on vacation. Urgent or critical communications can be automatically converted from email text to speech and forwarded to voicemail or to a mobile phone in order to communicate with users without immediate access to email. 

Finder accelerates delivery of critical information to the right person at the right time. It allows users to focus on business issues while the system handles presence, preference and device attributes in the background. In addition, Finder is another illustration of the impact of software-powered voice and the potential that exists when communications can be managed in a way that improves efficiency and enhances productivity.

Five Trends That Will Drive Unified Communications

The battle for unified communications supremacy rages on. The players all recognize that this is a lucrative market segment that will continue to grow and they each want to claim as big a piece of the market as they can.

Networking hardware and IP telephony hardware vendors like Cisco, Nortel, and Avaya have been holding their own and occupy a pretty good chunk of unified communications real estate right now. But, as the power of software-powered voice and the ability to extend and expand functionality with custom applications dawns on the world, Microsoft and IBM will leave those companies in the dust.

Last Spring IBM published a list of the five trends they felt would drive the adoption and growth of unified communications. The list still seems valid today. Here is a summary of those five trends:

1. Mobile devices and social networking will replace desks, desk phone, and desktop computers. More workers will operate virtually.
2. Instant messaging and real-time collaboration tools will emerge as the primary communications methods, surpassing email.
3. Companies will evolve beyond typical voice calls, or even basic click-to-talk functionality of soft phones and instant messaging clients and integrate new voice capabilities into innovative new business processes.
4. Interoperability and open standards will continue to evolve and help break down barriers between disparate communications systems.
5. Virtual meetings and conferencing functionality will radically change and transform the way companies conduct such meetings.

Driving Business Value With Unified Communications

There is an old saying in sales that customers ‘don’t buy the bacon, they buy the sizzle’. In other words, customers are less interested in the nitty gritty details of what a product is or how it works, and primarily interested in what it will do for them. It’s a sort of ’show me the money’ mentality.

Joe Schurman, Founder and CEO of Evangelyze Communications and author of Microsoft Voice and Unified Communications, talks about this philosophy as it related to unified communications in a recent ITWorld.com article. Schurman writes “The CEO of a company wants to know if he or she is saving money and will be impressed if the solution can integrate into the company’s business strategy…”

Read Driving Business Value with Unified Communications to learn more about the direction of unified communications and how to realize the value of increased efficiency and reduced operating costs rather than focusing on the technology itself.

Protecting VoIP Against Three Common Threats

There are a number of way, theoretically, that a VoIP communications system could pose a security risk to an enterprise. Let’s face it, while the network administrators have been in the trenches fighting unauthorized access, malware infections, data compromise, and more on a daily basis for the last 10 years, the voice guys have been sitting on a pretty stable and secure platform. While there are huge benefits for an enterprise to migrate from traditional voice to VoIP, those benefits come with a convergence onto that data network that is constantly under attack. That means that the benefits and efficiency of VoIP come with an increase in the number of security threats as well.

That said, attackers are still working on refining how to compromise VoIP for gain. Many of the VoIP weaknesss are proprietary, meaning that they vary from vendor to vendor and make it more difficult for attackers to determine targets. However, there are three VoIP threats that are consistent across pretty much all VoIP implementations and two of the three are actually just new twists on old attacks that were used against traditional voice systems as well.

The three most common VoIP threats are voice spam (sometimes referred to as SPIT (Spam over Internet Telephony), toll fraud (or theft of service), and denial-of-service attacks. For more details about these threats and what you can do to protect your VoIP network against them, check out The Biggest VoIP Securiy Threats - and How to Stop Them.

UC Provides New Attack Vectors

As companies made / make the move from traditional POTS or analog phone services to VoIP (voice over IP) communications, they introduce new risks that may lead to sensitive communications being compromised. There are plenty of books available detailing various VoIP threats and potential attacks. Unified communications introduces the concept of Presence and expands communications beyond the phone, but is primarily built on or around voice communications- generally VoIP.

Securing communications is critical for most companies and is mandated by various regulations and guidelines. UC complicates things further by blurring the line between voice, email, instant messaging, network data, voicemail, etc.. A recent article from Network World explores the cracks that UC introduces into corporate network security as well as examining some of the myths or hype around VoIP security issues.