Category: Security
-
/
FYI – I’m speaking at Ingate SIP Trunking Seminar Series Sept 11 in LA (concurrent with Internet Telephony Expo)
Continue Reading: FYI – I’m speaking at Ingate SIP Trunking Seminar Series Sept 11 in LA (concurrent with Internet Telephony Expo)FYI, for those of you attending the Internet Telephony Conference & Expo in Los Angeles on September 10-12, I’ll be participating in a panel session that is part of Ingate’s SIP Trunking Seminar Series. I expect it will surprise no one to learn that I’ll be on the panel about “Enterprise Security and VoIP” wearing my VOIP Security Alliance hat. My particular session is Tuesday, September 11, 2007, from 9:30-11:00 am. (And yes, I guess it is appropriate in a way to be talking about security on 9/11!) More details and the schedule are available online.
The sessions are free and open to anyone to attend. Simply fill out the pre-registration form.
Technorati tags: sip, sip security, sip trunking, ingate, ingate systems, voipsa, voip, voip security, dan york -
/
TMC.net interviews me: "Security and Disaster Recovery for IP Telephony Systems"
Continue Reading: TMC.net interviews me: "Security and Disaster Recovery for IP Telephony Systems"Just out yesterday, TMC.Net published an interview with me titled, “Security and Disaster Recovery for IP Telephony Systems“, by Mae Kowalke, where I talk about general VoIP security issues and then get into specifics about Mitel solutions. Given that the author nicely gave me the chance to review the text and offer feedback before she published it, I have to say I’m pleased with how it came out. 🙂
(And yes, I normally blog about VoIP security over on the Voice of VOIPSA weblog, but I just field weird about posting something like this over on that site.)
Technorati tags: mitel, security, voip security, voipsecurity, dan york -
/
Travelling to/speaking at ACUTA conference in Hollywood, Florida, July 29-Aug 2
Continue Reading: Travelling to/speaking at ACUTA conference in Hollywood, Florida, July 29-Aug 2FYI, on the week of July 29th – August 2nd, I’ll be down in Hollywood, Florida, at the annual conference of the Association for Communications Technology Professionals in Higher Education (ACUTA). I will be speaking on… surprise!… VoIP security! There look to be a great number of interesting talks on the schedule, and so I’m looking forward to wearing my CTO Office hat (versus my pure “VoIP security” hat) and listening to and learning from what many of the folks involved with deploying leading-edge IP communications technologies in the education space are doing. There will, of course, also be some security talks of interest.
If any of you reading this weblog will be down there at the ACUTA conference, please do feel free to drop me a note, as I definitely do enjoy meeting with others who connect through the social media space.
P.S. And yes, Florida in late July/early August is definitely not my idea of a fun place to be… good news is that we’ll be indoors!
Technorati tags: acuta, voip security, voip, education, mitel -
/
FBI’s "Operation Bot Roast" cracks down on botnets…
Continue Reading: FBI’s "Operation Bot Roast" cracks down on botnets…Since I’ve been writing about botnets (here and here), I just had to mention that the FBI announced yesterday some arrests of botherders as part of “Operation Bot Roast” (what a great name, eh?). More coverage is available on ZDNet’s Government blog and also the Washington Post’s Security Fix blog. It’s interesting (but not surprising) to note that one of the three arrests is of Robert Soloway, the “spam king” currently in jail awaiting trial related to sending spam. The botnet saga continues…
Technorati tags: security, botnets, fbi -
/
Skype as a platform for secure VPN tunnels?
Continue Reading: Skype as a platform for secure VPN tunnels?Since Skype has an open client-side API, why not use it as a transport to tunnel VPN traffic and blow through firewalls to connect you to a remote system? That’s the idea raised by Peeter P. Mõtsküla in his Skype Developer Blog entry: “Idea: skypetunnel“. For instance, have a Skype client running on your home machine logged in as one account. Have Skype on your laptop on another account. Initiate a connection between the two of them and wind up with secure, encrypted access through the firewall from wherever you are. Being peer-to-peer, there would be no central servers or infrastructure required (outside the usual Skype p2p cloud.) This would require, of course, a yet-to-be-created “extra” that connected into the Skype client API and was installed on both systems… but that was the point of the article – to suggest that something like this could be done (and perhaps inspire someone to write one).
It’s an interesting idea, although as one commenter noted, it has already been done in a p2p fashion by Hamachi. I don’t know how large Hamachi’s p2p cloud (i.e. userbase) is compared to Skype and whether or not that even makes a difference, but the…
-
/
VoIP/IP telephony in Estonia… disrupted by botnets?
Continue Reading: VoIP/IP telephony in Estonia… disrupted by botnets?With my post earlier this month about the possibility of SIP botnets, I’ve had a number of people asking about more information and wondering about the possible impacts. And while I will write more on botnets in general, as far as the potential impact of “botnets” in general, one need only look over at the current situation in Estonia:
- Washington Post: “Cyber Assaults on Estonia Typify a New Battle Tactic“
- CNN: “Estonia suspects Kremlin in Web attacks“
- BBC: “Estonia hit by ‘Moscow cyber war’“
Now, perhaps Russia is behind the attack… perhaps not. There are obviously much larger political issues going on between the two states. In the end it doesn’t really matter on one level who exactly is behind it… the net of it is that Estonian entities are being attacked in a massive Distributed DoS (DDoS) brought about in part by botnets. For anyone doubting the potential threat, you need only to read through those news articles to understand what can happen.
In fact, I found it interesting that the UK’s Centre for the Protection of National Infrastructure (CPNI) issued an advisory today about the DDoS attacks against Estonia, mostly to reassure people in the UK that…
-
/
Heading out to Arizona for US DoD/JITC conference on telecommunications
Continue Reading: Heading out to Arizona for US DoD/JITC conference on telecommunicationsIn a few short hours, I will be catching a plane heading out to Fort Huachuca, Arizona, to swim in an alphabet soup of very different acronyms and jargon than my normal work – the “OSD-Sponsored, JITC-Hosted DOD Telecommunications Services Information Conference“. As noted on the page:
The purpose of the conference is to provide an open forum where DOD and vendor representatives can discuss issues related to interoperability of systems providing DOD Telecommunications Switched Services.
The conference will present the current program and discuss ongoing developments to the interoperability certification and information assurance procedures and test documentation. Other topics for discussion include emerging technologies, standards and their integration into the systems providing DOD Telecommunications Services.
I attended last year as well and it’s definitely an interesting experience. The US DoD is really doing some intriguing things with how they make use of VoIP / IP Telephony. Obviously security is rather important. They are also driving IPv6 adoption into their infrastructure and so, with the June 2008 mandate only a year away, it will be quite interesting to hear where they are with regard to IPv6 adoption. Obviously, their huge size and buying power is of strong…
-
/
Getting ready for VoIP "botnets" that attack SIP systems…
Continue Reading: Getting ready for VoIP "botnets" that attack SIP systems…Over on the Voice of VOIPSA weblog, I just posted “Ready or not… here come the IRC-controlled SIP/VoIP attack bots!” Given the sheer number of VoIP security tools out there, I think I and most others involved with VOIPSA figured it was only a matter of time before someone automated the attacks. Did I hope that the creation of “bots” could have held off for a bit longer? Definitely… but we have to play with the cards we are dealt.
I tried in the article not to hype the threat… that we are aware of, there are not massive botnets out there waiting to attack VoIP systems. But there is now a proof-of-concept “bot” out there and those of us dealing with VoIP security have to look at how that could impact us.
And it’s definitely a sign that we as an industry really have to get security locked down on SIP systems!
Technorati tags: voip, voip security, security, voipsa, botnets, SIP, bots, SIP security -
/
Blue Box Podcast #56 posted, beginning a series of VoIP security tutorials
Continue Reading: Blue Box Podcast #56 posted, beginning a series of VoIP security tutorialsI posted Blue Box Podcast #56 tonight and with it Jonathan and I are beginning a series of mini-tutorials on subjects related to VoIP security. In this show, we talked about voice encryption. In the next show (already recorded) we will talk about signaling encryption. The idea is to cover some basic ground so that people not familiar with the area can have a basic understanding.
Just glad to get that one up – tomorrow I’m going to work on #57 to see if I can get it online for Wednesday. We’re trying hard to get back on a weekly schedule. (#56 was intended to go up last week.)
Technorati tags: bluebox, voip security, voipsa, blue box, voip, security -
/
My article "Using IP Communications as a Tool for Disaster Recovery and Business Continuity" is now online
Continue Reading: My article "Using IP Communications as a Tool for Disaster Recovery and Business Continuity" is now onlineI just realized that I never wrote here that an article I wrote recently came out online. Published in Mitel’s “Presence” magazine, it’s titled “Using IP Communications as a Tool for Disaster Recovery and Business Continuity“. Okay, so the title’s not overly catchy, but here’s the first paragraph:
If a hurricane devastated your main office, how rapidly could you restore telephone connectivity? If a branch office had a fire or other disaster, how soon could you connect back into the main office? Or if Avian flu or some other pandemic created a situation where you needed to stay out of the office, could you access remote phone capabilities equal to that at the office? How long would it take your business to recover? How much (and how many customers) could you afford to lose in the process?
I go on to talk about why IP communications/IP telephony/VoIP fundamentally changes the traditional way you might address these issues and offers tremendous benefits. In fact, to me, the ability to put an IP phone pretty much anywhere you can get an IP address remains one of the major – if not the single biggest – disruptive aspect of…