Product Guides- IBM employees buzzing about layoff rumors
- AT&T builds $23M IPv6 network for U.S. military
- Outlook '09
- Is VoIP dead?
- Microsoft layoff rumors continue their swirl
VoIP is making it easier to wage cyberwar, an analyst reported last week, just as flaws that make some VoIP products vulnerable were revealed.
"By 2005, the United States and other countries will have the ability to conduct cyberwarfare," according to a Gartner report. "The increasing use of voice over IP and the converging of voice/ data networks is facilitating it."
Because IP networks are subject to sophisticated, automated attacks, voice traffic on those networks is more vulnerable, says David Fraley, author of "Cyberwarfare: VoIP and Convergence Increase Vulnerability."
The release of his report roughly corresponded with the announcement by a British government agency that the H.323 International Telecommunications Union standard used in many VoIP products contains flaws that can be exploited by attackers. Cisco, Microsoft and Nortel acknowledged that some of their products are susceptible to the weaknesses in H.323, which is an umbrella standard.
"This is exactly the type of opportunity an aggressor would use to attack the U.S.," Fraley says.
The vulnerabilities can leave products open to denial-of-service (DoS) and buffer-overflow attacks, and even let hackers load malicious code, according to the U.K.'s National Infrastructure Security Co-ordination Centre (NISCC), which commissioned the tests that uncovered the problem.
Affected devices range from firewalls to routers to IP phones, PBXs and softswitches, according to alerts put out by affected vendors. None has reported detecting attacks that try to take advantage of the vulnerabilities, but advisories from vendors had customers reviewing their networks and calculating their exposure.
"We're looking into it, trying to get a better feel for the problem," says Mike Phillips, director of IT for West Virginia University Foundation, which uses Cisco VoIP equipment in its 60-person Morgantown office. He says he wanted to talk to Cisco directly to assess his risk.
|
Chicago construction company Barton Marlow was breathing easy because it had the most recent versions of software and patches for its Cisco voice gear, says Phil Go, CIO. The company uses Cisco routers to carry IP voice and data between three offices across the country. The latest version of Cisco's IOS software corrects the H.323 problem.
Rss FeedRss Feed
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 The Leader in Network Knowledge© 1994-2009 Network World, Inc. All rights reserved. |
Partner Content
The Foundry Enterprise Advantage
Foundry Networks, Inc. (NASDAQ: FDRY) is a leading provider of high-performance enterprise and service provider switching, routing, security and Web traffic management solutions.
For further information on Foundry Networks please click here.
Foundry Networks: The Answer to your VoIP Call
Foundry VoIP switching architecture provides the highest performance, lowest-latency solution on the market, with guaranteed call quality, supporting a broad range of IP telephony equipment.
Read the VoIP Solutions Guide
Leveraging the Advantages of a Multi-vendor Network Strategy
To truly align the enterprise infrastructure strategy with business requirements, organizations must build a best of breed solution based on open standards.
Click here to view whitepaper!
Comment