Disruptive Telephony

Cross-posted from Voice of VoIPSA:

---

What are you doing tomorrow, Tuesday, October 28, 2008, at 1pm US Eastern time? If you are around, you are welcome to join a free webinar I'll be giving on "Best Practices for Secure Unified Communications".

From time-to-time, you'll notice that those of us working with VOIPSA will take part in seminars/webinars offered by members of VOIPSA and we definitely enjoy doing so. For instance, as readers of the blog know, I've been speaking at Ingate's SIP Trunking seminars for quite some time now. We're generally open to speaking at anyone's event or webinar - as long as they understand that there is no endorsement of the company/vendors's products/services and that we are there to provide an industry-neutral point-of-view.

So tomorrow at 1pm US Eastern I'll be speaking as part of Mitel's "Discovery Series" where they invite in guest speakers from the industry. You can join the webinar for free at Mitel's site. They asked me to speak about the threats/risks to voice over IP and unified communications and talk about best practices for protecting them. Here's the abstract:

Discover Best Practices for Secure Unified Communications

Presented by: Dan York, Voice Over IP Security Alliance (VOIPSA) October 28, 2008, 1:00 PM EDT / 10:00 AM PDT / 5:00PM GMT

With the emergence of Voice-over-IP and Unified Communications, companies now have incredible opportunities to provide a rich communication experience to employees located in a single location or distributed globally. But how does a company do this in a secure manner? How is the confidentiality and integrity of corporate conversations protected? How can a company be sure that its IP phone systems and IP trunks will always be available for usage? What are the issues around protecting SIP trunks or using hosted services?

In this webinar, VoIP Security Alliance Best Practices Chair Dan York will discuss the threats and risks to Voice-over-IP, the tools that are out to test (or attack) VoIP system and solutions and best practices for protecting your systems. He'll also address concerns around SIP trunking, Spam for Internet Telephony (SPIT) and the move to push voice out into hosted/cloud computing environments and the associated concerns. Come prepared to learn about securing your VoIP system, to ask questions about your deployments and to leave with tips and resources to protect and defend your systems.

The webinar will be recorded and posted for later viewing as well. I'll note that they also have a nice companion webinar to the one I'll be giving tomorrow in one that HP representatives recently have on network security as it relates to VoIP.

Anyway, if you are available tomorrow (Oct 28th) at 1pm please do feel free to join into the webinar. I'll post a note on this site, too, when it is available for later listening.

P.S. And yes, as a couple of people have asked, I do obviously have a closer association with this webinar than I do with some of the other vendors given that I worked at Mitel for 6 years and was their point person on VoIP security issues for much of that time. It will be fun to be speaking with them again.

Technorati Tags: voip, voip security, security, voice, voice security, mitel, voipsa, danyork, dan york, unified communications

Over on Blue Box, I've now uploaded two recent episodes:

• Blue Box #83: SIP and Asterisk vulnerabilities, voice biometrics, P2PSIP, Aircell blocking Skype, VoIP security news and more…
  
  
• Blue Box #84: New Cisco, Avaya, Nortel VoIP security vulnerabilities from VoIPShield, Skype in China, UCSniff and other new tools, news and more

With that I am almost caught up with our main shows... and I still have a bunch of Special Editions to finish producing and post. I'm hoping to finish post-production on #85 tonight so that I can post it tomorrow. We'll see...

Technorati Tags: bluebox, blue box, voip, voip security, security, voice, skype, sip, dan york, jonathan zar, voipsa

Earlier this month out at ITEXPO in Los Angeles, I participated in the Ingate SIP Trunking seminars as I have been doing for the last year or so. My talk was "SIP Trunking and Security in an Enterprise Network". The slides are available for viewing or download from my SlideShare account and I'll also embed them here in this post.

I did record the presentation in both audio and video and hope to be making that available as a Blue Box podcast some time soon. I'll then sync the slides to the audio. Meanwhile... enjoy the slides!

Technorati Tags: voip, voip security, sip, sip security, voice, security, dan york, itexpo, commdev, voipsa

As I note over in my Voxeo blog post, I'll be out at the Communications Developer Conference (co-located with ITEXPO) this week in Los Angeles. I will be speaking twice. First on Wednesday morning I'll be talking about SIP Trunking and security as part of the Ingate SIP Trunking workshops from 10:15-11:15am. Next, on Thursday, I'll be speaking about "Developing Voice Applications in the Cloud", a favorite topic of mine these days.

Voxeo will also have a booth and I expect to be there. I'm also doing some video interviews and other media work (actually on both sides of the camera). I'm looking forward to catching up with a good number of folks out at the show.

If you read this blog and are out there at either the Communications Developer Conference or ITEXPO, please do come by and say hello. I posted the schedule of talks over on Voxeo's blog site. You should be able to find out more about where precisely I am through either twitter.com/danyork or twitter.com/voxeo.

Technorati Tags: conferences, voip, itexpo, communicationsdeveloperconference, los angeles, dan york, voxeo, danyork, cloudcomputing, sip, sip security, voip security

On Sunday I'll be boarding a train bound for New York City where I'll be attending SpeechTEK for Monday through Wednesday. As I mentioned previously, on Tuesday, August 19th, I'll be giving a presentation on "Securing CCXML and VoiceXML Applications":

How secure are your speech applications? As the usage of both VoiceXML and CCXML continues to explode, and VoIP usage continues to grow dramatically, especially within enterprise environments, it is increasingly important that you ensure that applications and services are not open to attack. Learn about the potential vulnerabilities in a system using VoiceXML or CCXML, what you can do to secure these systems, and how you can develop a strong architecture.

It will be fun to expand my VoIP security commentary beyond my usual scope of networks and more into voice applications. I'm planning to record it (and have permission to do so) and potentially put it out as a Blue Box podcast.

At SpeechTEK there will also be a good number of us from Voxeo there. We'll have a booth (#804) and we've got some exciting announcements coming up... ;-)

If you are down at SpeechTEK, please do drop a note and let me know.

Technorati Tags: conferences, speechtek, voxeo, danyork, dan york, voicexml, ccxml, security, voip, voip security

This afternoon I'll be heading to the airport to fly out to Chicago to be part of ClueCon this week. Haven't heard of ClueCon before? Here's the quick summary:

ClueCon - is an annual 3-Day Telephony User and Developer Conference bringing together the entire spectrum of Telephony from TDM circuits to VoIP and everything in between. The presentations and discussions will cover several open source telephony applications such as Asterisk/Callweaver, Kamailio (formerly OpenSER), Bayonne, YATE and FreeSWITCH.

Billed as the "Telephony Developer Conference" it primarily focuses on the whole world of open source telephony.

I'll be there as part of two panels. First, tomorrow I'll be joining fellow VoIP bloggers Andy Abramson and Thomas Howe on a "VoIP Roundtable" to talk about current industry themes and trends. Then on Thursday I'll be part of a "VoIP Security Roundtable" talking about... gee... can you guess?

It should be a fun event... I'm looking forward to catching up with Andy, Thomas, Moshe Yudkowsky, Jon Todd and several others. There are also some folks on the schedule with whom I have corresponded but never physically me, so that will be nice as well. If any of you reading this will also be there, please do feel free to drop me a note so that we can connect.

Technorati Tags: telephony, cluecon, cluecon2008, voip, voxeo, open source, opensource, dan york, danyork, conferences, chicago, applications, telecommunications, developers

Over on the Voice of VOIPSA weblog, I have been tracking a security issue in the iSkoot program that was transmitting your Skype username and password in the clear. The post, its comments, and the corresponding links off of it make for some interesting reading.

It also shows the speed at which the blogosphere can react and potentially help sort things out. In the space of about 48 hours, a problem was found, confirmed, identified by the vendor and apparently will be fixed shortly. I'll be writing more about this later today over on the Voice of VOIPSA weblog, but for now I'll just say that it's great to see that the problem is being dealt with.

Technorati Tags: voip, voip security, voipsecurity, security, skype, iskoot, symbian, phoneboy

I was rather surprised but pleased to see that my "Black Back Security Review" was on the list of the "Top Ten IT Conversations Shows for March 2008". My "surprise" was mostly because that particular talk is over a year old and was given at the ETel 2007 show back at the end of February 2007.

To be honest, I was not actually aware (or didn't remember, anyway) that the IT Conversations Network had distributed my talk but I'm guessing they did so with a number of the ETel sessions.

Unfortunately, they don't include the slides, which I put up in the Blue Box posting and also just generally made available on SlideShare. Without the slides, I suppose it works perfectly fine.. I've just never listened to it that way. It was still one of the most fun presentations I've ever given. Also took a ton of time to prepare. 243 slides in 14 minutes... :-) (I did write up some notes about the presentation and the style, etc.)

Anyway, it's cool to see people discovering that session again. Nice surprise!

Technorati Tags: voip, voip security, dan york, etel

I'm down in Orlando this week for VoiceCon Orlando and will be part of three sessions. Tomorrow, I'm moderating a panel at 8am on VoIP security and on Thursday I'm moderating a panel on open source telephony. On Wednesday, I'll be part of a keynote panel with Irwin Lazar on "Social networking and enterprise communication", which should be quite fun. I'll include below the full descriptions of the various sessions. If you are attending VoiceCon and want to connect, please do contact me.

---

Session Title: Top VOIP Security Threats
Date: 3/18/2008
Time: 8:00 AM
Room: Osceola B
Session Description: There's been a lot of concern about voice over IP security, but have there been many actual exploits? This session will inform you about the state of VOIP security. You'll learn about generalized IP attacks that have affected IP telephony systems deployed on IP networks, and you'll also find out what VOIP-specific attacks have actually been observed "in the wild"--and what to expect in the future.
KEY QUESTIONS: * What are the most serious voice-oriented attacks that are actually being carried out? What potential attacks haven't occurred yet but probably will before long? * How do you protect your VOIP systems against these attacks? * What types of equipment and technologies must you implement to stop voice-oriented attacks? * What specific kinds of damage can these attacks cause?
Moderator(s): Dan York - Dir of Emerging Comm Tech - Voxeo
Panelist(s): Sachin Joglekar - Vulnerability Research Lead - Sipera Systems
David Endler - Director of Security Research - TippingPoint
Mark Collier - CTO - SecureLogix

---

Session Title: Open Source for Enterprise Voice: How Much, How Soon?
Date: 3/20/2008
Time: 11:45 AM
Room: Sun C
Session Description: Open source PBXs are gaining a higher profile: Asterisk and other open-source PBX software packages continue to gain acceptance, and some traditional PBX vendors have implemented open source code for their products. But these efforts still aim mainly at smaller implementations. In this session, you'll learn why open source PBX software has growing appeal, and whether it will appeal to larger customers as the market progresses.
KEY QUESTIONS: * What level of market share and acceptance has open source PBX software attained? What is expected? * Which products use open source PBX software? * What are the most compelling reasons for choosing open source PBX software? What are the greatest areas of concern in making this choice? * What are the technical challenges of an open-source PBX deployment, and how are these overcome? * What are some real-world customer experiences with open source PBX software?
Moderator(s): Dan York - Dir of Emerging Comm Tech - Voxeo
Speaker(s): M Raza - Product Management - 3Com
Bill Miller - VP, Prod Mgt & Mktg - Digium
Tony Pereira - Business Leader Business Communications - Nortel

---

Session Title: Social Networking Meets Enterprise Communications
Date: 3/19/2008
Time: 10:30 AM
Room: Osceola C
Session Description: It?s no secret that world of enterprise communications is undergoing a transformation; IP Telephony and Unified Communications are changing the nature of the game. Now new forms of interaction, which began in the consumer/personal communications market -- blogs, wikis and online services like Facebook ? are migrating into the enterprise. Where do these social networking systems ? and mindset ? fit into the enterprise communications landscape? Join us for a discussion about what?s real today and what?s likely to happen in the future.
Panelist(s):
Dan York - Dir of Emerging Comm Tech - Voxeo
Irwin Lazar - Principal Analyst & Program Director, Collaboration & Convergence - Nemertes Research

Technorati Tags: voicecon, voiceconorlando, asterisk, opensource, socialnetworking, communications, danyork, irwinlazar

FYI, I will be down at VoiceCon Orlando on March 17-20, 2008. I'm moderating two panel sessions (see the schedule). First, up, bright and early at 8am on Tuesday, March 18th, I'll be moderating a panel on "Top VoIP Security Threats". This should be a fun one as it has VOIPSA Chair Dave Endler, Mark Collier of SecureLogix and Sachin Joglekar of Sipera Systems. I know all three of the guys, particularly Dave and Mark who have both worked on VOIPSA matters, and this session should be a good bit of fun. I'm planning on making it a rather interactive session. :-)

At the other end of the show, on Thursday, March 20th, at 11:45am, I'll be moderating a panel "Open Source for Enterprise Voice: How Much, How Soon?". This would should be interesting because it has Bill Miller from Digium (makers of Asterisk), who I know well, and M Raza from 3Com... and then Tony Pereira from Nortel! 3Com's presence on the panel isn't particularly surprising given their relationship with Digium, but it will be interesting to see Nortel's view on the matter.

All in all it should be quite an interesting show. Lots of good sessions and, I'm sure, interesting people to meet. If you're going to be down there, please do drop an email as I'm always interesting in meeting readers of the blog.

Technorati Tags: voicecon, voxeo, voipsa, securelogix, sipera, 3com, digium, asterisk, voip security, open source