CHICAGO Supercomm 2004 TippingPoint Technologies Inc. is looking to plug the VOIP security gap and steal a march on other vendors of intrusion and prevention systems, with enhancements to its flagship UnityOne product announced at Supercomm
The company has added a series of VOIP security filters by programming new rules into the Agere-processor-powered UnityOne device, which is used within data centers and service providers points of presence (POPs) to inspect packets sent over the Internet.
The news highlights a key issue: With voice and data networks converging, there is growing concern that the new infrastructure will fall prey to Internet-based threats such as worms, viruses, and trojan horses.
The challenge facing many service providers is that emerging technologies are often widely deployed before their security requirements are fully tackled. According to a White Paper released by TippingPoint, testing has already identified a variety of denial-of-service and buffer overflow vulnerabilities in implementations of VOIP products that use the H.323 and SIP protocols. The study also claims that a hacker could exploit a vulnerability in a SIP protocol implementation, for example, to hijack VOIP calls.
Jon Oltsik, senior analyst of information security at the Enterprise Storage Group Inc., says, More companies are implementing VOIP and, as a relatively new protocol, its likely to be attacked because of vulnerabilities.