Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vendor Points to VOIP Vulnerabilities

CHICAGO Supercomm 2004 – TippingPoint Technologies Inc. is looking to plug the VOIP security gap and steal a march on other vendors of intrusion and prevention systems, with enhancements to its flagship UnityOne product announced at Supercomm

today.

The company has added a series of VOIP security filters by programming new rules into the Agere-processor-powered UnityOne device, which is used within data centers and service providers’ points of presence (POPs) to inspect packets sent over the Internet.

The news highlights a key issue: With voice and data networks converging, there is growing concern that the new infrastructure will fall prey to Internet-based threats such as worms, viruses, and trojan horses.

The challenge facing many service providers is that emerging technologies are often widely deployed before their security requirements are fully tackled. According to a White Paper released by TippingPoint, testing has already identified a variety of denial-of-service and buffer overflow vulnerabilities in implementations of VOIP products that use the H.323 and SIP protocols. The study also claims that a hacker could exploit a vulnerability in a SIP protocol implementation, for example, to hijack VOIP calls.

Jon Oltsik, senior analyst of information security at the Enterprise Storage Group Inc., says, “More companies are implementing VOIP and, as a relatively new protocol, it’s likely to be attacked because of vulnerabilities.”

  • 1