By way of the Infosthetics site, I learned this morning of a video produced by Dataviz Australia that uses data from a VoIP honeypot server to visualize what the attack looks like. The Dataviz Australia blog post has more information about what they are specifically showing here. I am always intrigued to see how people can come up with new ways to enable us to look at data differently, and this is an interesting video for that. Enjoy…
I was not out at this year’s RSA Conference, but was following some of the conversation via Twitter. I noticed a number of good videos coming out of the event, and liked this “summary” video from David Sparks that does give an overview of some of the major themes:
David was out there on behalf of Tripwire, Inc, and produced a number of other good video interviews. I enjoyed this one with my friend Martin McKeay of the Network Security Podcast on the topic of “why is ‘cloud security’ so over hyped?”
While I was sick at VoiceCon and didn’t record any of the videos I was planning to do, it’s great to see that Fritz Nelson over at Information Week did capture this video of Mark Collier of SecureLogix:
The TechWeb folks did a nice job on the video, particularly in cutting in to some of the slides explaining what Mark was talking about. Fritz has an article accompanying the video as well.
Oh, yeah, Mark was great, too! 🙂
P.S. For those who don’t know, Mark has been involved with VOIPSA and in fact was on a panel I moderated on VoIP security there at VoiceCon.
I do have to hand it to the VoIPshield Systems folks… they really did go all out for their product launch. As I noted yesterday, they released a slew of vulnerability notices… but I didn’t notice that they also released a YouTube video “dramatizing” a potential DoS attack by someone connecting to a lobby phone. It was a Network World article that pointed me to it:
I have to say that this is the first time that I can personally remember a “VoIP security video” being uploaded to YouTube by a company doing a product launch (although Peter Cox did upload one as he was launching his consultancy). It’s also the first “dramatization” I recall seeing. (Peter’s and others (including mine) have been more documentary/interview style.)
So kudos to VoIPshield for doing something a little bit different. Nice to see.
I’m also a huge fan of telling stories as a way to talk about issues in general, so it’s good to see.
As to the video itself, I had the following comments:
- I didn’t quite get the first 45 seconds or so that seemed to be mostly someone (the attacker, presumably) turning on computers. I guess “scene setting” or something like that.
- When the attacker opened his laptop, connected the Ethernet cable, ran some script, and disconnected the cable and re-connected it to the phone, all I could think was “He must be running Linux” because my previous Windows laptop would never resume as quickly as his did! (My new Mac does, though, but the attacker is not using one.)
- It is a good illustration of the danger of having open Ethernet access in a lobby area (or a conference room that a guest is left alone in). Note that the danger exists with an open Ethernet jack, but of course with an IP phone you also have ready access to a cable.
- I am imagining that the attacker’s script: 1) hops to the voice VLAN (if a VLAN is used); and 2) sends some kind of signaling attack to the IP-PBX that crashes the system. All of which is possible depending upon the system.
- While a VoIP-aware Intrusion Prevention System certainly could help protect against this type of attack, it seems to me a stronger solution might be to look at requiring 802.1X authentication on all Ethernet devices. With 802.1X required, the attacker’s laptop would not have been able to get an IP address without the proper credentials. Of course, this would have required IP phones that support 802.1X (and some out there do).
While the video is more on the alarmist side of the security continuum than I am (but, gee, what does VoIPshield sell?), it’s nice to see someone doing something a bit offbeat and different in trying to talk about VoIP security issues.
I look forward to seeing VoIPshield’s next video…