SANS Top 20 Internet Security Attack Target List for 2006 includes VoIP for the first time

Today SANS announced the 2006 version of their annual “Top-20 Internet Security Attack Targets” and for the first time, VoIP is included as one of the threats. It was listed as N1:

 N1.1 Description

VoIP technology has seen rapid adoption during the past year. At the same time, there has been an increase in security scrutiny of typical components of a VoIP network such as the call proxy and media servers and the VoIP phones themselves. Various products such as Cisco Unified Call Manager, Asterisk and a number of VoIP phones from various vendors have been found to contain vulnerabilities that can either lead to a crash or complete control over the vulnerable server/device. By gaining control over the VoIP server and phones, an attacker could carry out VoIP phishing scams, eavesdropping, toll fraud or denial-of-service attacks.

Since many VoIP servers, especially the ones at VoIP service providers, are an interface between SS7 (traditional phone signaling) and IP networks, an attacker capable of compromising a vulnerable VoIP server could even potentially manipulate the SS7 signaling interconnection to disrupt services on the Public Switched Telephone Network (PSTN).

See more comments and the report at the VoIPsa blog.
