Mark is SecureLogix's Technology Officer and VP of Engineering and is currently this week at VoiceCon where he is discussing a host of corporate telecom security issues and countermeasures during three different presentations.
In my struggle to better define why I blog and what it means to me, I ran across a post from Deborah Schultz, who is a blogger that I met last summer and wound up being a guest speaker at my PR Newswire Seminar in Tel Aviv.
Deborah talks about the benefits of what she calls The Relationship Economy and links to a post by Doc Searls on the subject.
My take? The Relationship Economy its own currency, based on building relationships, forming communities and creating new market opportunities.
The review in eWeek says....."The $50, 539-page book is a must-read for IT administrators, particularly those who are managing a voice network but are not totally comfortable with the technology—and are perhaps relying too much on resellers for the stability and security of the network."
Our client, VoIP Security guru, Mark Collier, who is the CTO of SecureLogix continues to gain media coverageabout his co-authored book, Hacking Exposed VoIP, along with his 2007 Predictions in the following media and blogging outlets:
Our client, Mark Collier, a leading voice over IP (VoIP) security scientist, author, and blogger, today announced the release of his “VoIP Security Trends and Predictions for 2007.” Mr. Collier’s prognostications have been posted to his popular VoIP security blog at: www.voipsecurityblog.com. Mr. Collier is CTO of SecureLogix Corporation, an enterprise telephony management and security company.
“Enterprise VoIP deployments will continue to ramp in 2007, and the frequency and severity of VoIP-specific attacks will increase as well,” stated Collier. “Here are my top VoIP security trends to watch for in 2007:
1) There is no doubt that VoIP security attacks have taken place, but very few have been widely publicized. I predict that in 2007, we will see enterprise VoIP systems attacked and the results publicized.
2) VoIP is an application running on the data network and will continue to be affected by attacks such as worms, virus, Denial of Service (DoS), etc. While these attacks may not directly target VoIP systems, they will disrupt operations because the underlying platforms are vulnerable to the attack.
3) We will also start to see more VoIP specific attacks, particularly aimed at the enterprise. There is more scrutiny of VoIP systems and attackers will find more issues that are unique to VoIP and the systems that enable it.
4) Attackers will also be developing more tools to exploit these issues. Even now, there are plenty of tools out there, but you can expect to see more tools and extensions to the tools currently available.
5) Denial of Service (DoS) will continue to be the most significant threat to VoIP systems. Many VoIP systems are very vulnerable to fuzzing and flood based attacks, including simple transport and application layer attacks.
6) You can expect enterprises to start deploying the Session Initiation Protocol (SIP) for handsets as well as connectivity to the public network. The move to SIP will affect security, because there is a long list of SIP attack tools available for use.
7) Even with the move to SIP, proprietary protocols will continue to dominate VoIP for several years. You will start to see new attack tools that target these protocols as well, especially for vendors with wide deployment (Cisco, Avaya, Nortel, Siemens, etc.).
8) Social threats such as voice phishing and voice SPAM will start to emerge. They will not be common, but their threat level will grow with the increasing adoption of VoIP. Social engineering attacks could start to become disruptive in late 2007.
9) Although vendors will increase their offerings for conversation encryption, it will not be widely employed by enterprises.
10) VoIP deployment has the potential to affect traditional networks. Attacks like DoS, SPIT, and toll fraud may “spill” over and affect legacy systems.”
About Mark Collier Mark Collier is CTO of SecureLogix Corporation, an enterprise telephony management and security company. Mr. Collier is responsible for technology research, development, and related intellectual property, including a special focus on VoIP security solutions. He has completed publicly funded research into current and future threats to VoIP systems, protocols, and application services, and is a recognized expert on enterprise VoIP security threats and countermeasures. Mr. Collier is a frequently quoted author and presenter on the topic of voice and VoIP security, and is co-author of the book “Hacking Exposed: VoIP,” for McGraw-Hill’s popular Hacking Exposed IT security series (see: www.hackingvoip.com). Mr. Collier is a founding member of the VoIP Security Alliance (www.voipsa.com), an industry group focused on VoIP security education. He authors the telecom industry’s leading blog discussing VoIP security issues at www.voipsecurityblog.com, and was recently named one of “The 50 Most Influential People in VoIP” by VoIPNews.
This new book focuses on the specific threats to enterprise voice over IP (VoIP) networks, and is the latest addition to McGraw-Hill’s internationally best-selling Hacking ExposedTM network security book series. The series aims to educate network security practitioners by detailing actual strategies, tactics, and weapons used by hackers to penetrate corporate data networks. A companion website with free security diagnostic tools can be found at www.hackingvoip.com.
As enterprise VoIP adoption continues to increase, so will the scope, frequency, and severity of VoIP-related network attacks. Although VoIP security has become a hot topic of discussion among voice administrators, the media, and industry analysts; little is really understood about which types of attacks are likely to be most prevalent, how these attacks will manifest, and what network administrators should do to prioritize and defend against these threats today and tomorrow.
Debbie Weil Debbie Weil, aka the MonaLisaOfBlogging.com, is a corporate blogging and online communications consultant and the author of the forthcoming "The Corporate Blogging Book: Absolutely Everything You Need to Know to Get It Right" for Penguin Portfolio (2006).