Here is a link to the SecureLogix State of Communications Security Report. It is currently at the NoJitter site. We will post it to our website and here in a couple of weeks.
http://www.nojitter.com/sponsoredcontent/view/cid/3900003
This is the first time ever that anyone has released a security report that is focused on voice/VoIP/communications. The report describes voice security trends and includes a ton of data from 100’s of assessments, that backs up the trends we present.
By way of the Infosthetics site, I learned this morning of a video produced by Dataviz Australia that uses data from a VoIP honeypot server to visualize what the attack looks like. The Dataviz Australia blog post has more information about what they are specifically showing here. I am always intrigued to see how people can come up with new ways to enable us to look at data differently, and this is an interesting video for that. Enjoy…
Visualizing a cyber attack on a VOIP server from Ben Reardon, Dataviz Australia on Vimeo.
If you have been at the Enterprise Connect show this week in Orlando, Florida, one of the perhaps unexpected booths on the exhibit hall floor was that of the National Security Agency (NSA). The booth was staffed by two great guys (who rapidly moved away when I raised my iPhone camera) who explained that they were there as part of the agency’s “Commercial Solutions Center” looking to find commercial technology that can help with the secure mobile solutions they are looking to deploy for the NSA.
One of the NSA staff will be on a Enterprise Connect communications security panel at 9:00am in the “Sun B” room of the Gaylord Palms tomorrow (Thursday, March 3, 2011). They are also hosting a private meeting tomorrow at the Gaylord Palms from 1-3pm for people interested in learning more. The best way to find out more about that meeting would probably be to attend the 9am session. (They were promoting details at their booth, too, but the exhibit area is now closed.)
UPDATE: The session today (March 3, 2011) will be in “Emerald 8” at the Gaylord Palms in Orlando from 1-3pm.
Good to see the NSA reaching out to the commercial sector and when more information is available about their program (they said it would be soon) I’ll update this post.
Tonight I upgraded Voice of VOIPSA to the shiny new WordPress 3.1. It looks like there are no issue with our theme or any other part of the site, but if you do see anything funky, please do let me know. And if you are one of the bloggers here on the site, you may see a few changes to the user interface, and you have some very cool new ways to easily link to other articles on the site (if you are writing using the web interface).
I was not out at this year’s RSA Conference, but was following some of the conversation via Twitter. I noticed a number of good videos coming out of the event, and liked this “summary” video from David Sparks that does give an overview of some of the major themes:
David was out there on behalf of Tripwire, Inc, and produced a number of other good video interviews. I enjoyed this one with my friend Martin McKeay of the Network Security Podcast on the topic of “why is ‘cloud security’ so over hyped?”
Over on the Tekelec blog today, Dorgham Sisalem writes on “DNS and SIP: Threats and Protection“, an area of discussion that, quite frankly, hasn’t really received much attention. DNS plays a vital role in VoIP and unified communications, and so the security around DNS and SIP definitely deserves consideration. The post is not too long, so rather than summarize, I’ll just point you over there…
Can you trust “the cloud” to be there for communications? What about latency issues? availability? What should you be most concerned about?
Those are issues that I (Dan York) will be discussing on a panel on Friday, Feb 4, 2011, at the Cloud Communications Summit in South Beach, Miami. The abstract is:
There’s a general consensus that Cloud Communications improves the bottom line while reducing both financial and technology risks. What about from a security perspective? This session identifies the differences between premise based and cloud based offerings from a security perspective, and provides the audience with a checklist of what to worry about as they move into the cloud. This session is appropriate for both business and technologists.
I’ll be on the panel along with folks from Rackspace, Pac-West and Path Solutions and the whole session will be moderated by analyst Dave Michels. It should be a fun discussion… if you are down in Miami, do come and join us!
Will you be in South Beach, Miami, next week for the collection of conferences around TMC’s ITEXPO event? If so, I’ll be there participating in two sessions in Ingate System’s SIP Trunking Workshop.
First, on Wednesday, February 2nd, I’ll be on a panel at 1pm about “SIP, UC and Security”. We’ve done this panel at other ITEXPO events and it has always created some interesting conversations and discussions.
The following morning, February 3rd, at 9am, I’ll be part of a panel on “Unified Communications” where security will be one of the many factors discussed.
If you are down in Miami for ITEXPO, the Cloud Communications Summit, Digium/Asterisk World or any of the other events, please do stop by and say hello… or find me down at one of the sessions I’m in (my schedule is online). You can always email me or ping me on Twitter.
It may be a wee bit of a late notice for folks to join the call live, but in about 50 minutes, the VoIP Users Conference will have their weekly live call talking this week with folks from Humbug Telecom Labs about their tools for detecting and analyzing VoIP fraud.
You can join the live call via SIP, Skype or the regular old PSTN. There is also an IRC backchannel that gets heavy usage during the call.
If you can’t attend the call live, a recording of the session will be made available later from the episode’s web page.
If you found this post interesting or helpful, please consider either subscribing via RSS or following VOIPSA on Twitter.
Last Friday there was news out of the Chaos Computer Club Congress in Berlin that two security researchers, Karsten Nohl and Sylvian Munaut, had successfully cracked the encryption used in the GSM cellular network. While not “VoIP”, per se, this is of interest to any of us working with VoIP as many VoIP clients are now working on “smartphones” running on top of the GSM network (like, oh, the iPhone, among others). Some of the articles on this topic:
The researchers are apparently not releasing their toolkit publicly, but obviously word of their success will encourage others to investigate further.
If you found this post interesting or helpful, please consider either subscribing via RSS or following VOIPSA on Twitter.