1 / 9

SIP, UC, and Security

SIP, UC, and Security. Joel Maloff Phone.com jmaloff@phone.com February, 2012. Setting the Stage for Security. SIP is a protocol incorporated into various service offerings. Unified Communications is a concept that incorporates various communications functions into a single approach.

dermot
Download Presentation

SIP, UC, and Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. SIP, UC, and Security Joel Maloff Phone.com jmaloff@phone.com February, 2012

  2. Setting the Stage for Security • SIP is a protocol incorporated into various service offerings. • Unified Communications is a concept that incorporates various communications functions into a single approach. • Ensuring the security of our communications, especially given the proliferation of the cloud, is more important than ever!

  3. Security is STILL an Issue – Even for the Big Guys! • ESG (Enterprise Strategy Group) Research surveyed large enterprises (2011) and found the following: • 20% are certain that they have been the target of an Advanced Persistent Threat (APT); 39% believe that they have likely been targeted. • Unfortunately, many of these felt inadequately prepared to respond!

  4. Security is STILL an Issue – Even for the Big Guys! • 32% - lack of security forensic skills• 29% - lack of technical skills in incident response team• 26% - inadequate ability to gather relevant information • 26% - lack of executive management buy-in to incident response policies and procedures• 25% - lack of integration between the incident response and legal team• 23% - lack of a formal external communication plan• 23% - lack of a formal internal communication plan • If companies of 1000+ employees have these issues, where does that leave the smaller organizations? • Source: http://www.networkworld.com/community/blog/2012-year-incident-response

  5. Some of the Challenges • Unified Communications is more than just voice. • Document exchange • Archival and auditing for compliance with regulatory and legal statutes • Platform-specific attacks

  6. Some of the Challenges • Eavesdropping on VoIP, IM • Hacking IP or soft phones to remotely activate them as an eavesdropping attack vector • Toll Fraud • Denial of Service Attacks

  7. Addressing the Challenges • SIP and UC are part of the business information infrastructure. • They must be incorporated into the existing information systems security policies and procedures. • Documented policies and procedures with regular review are essential for minimizing the impact of security vulnerabilities. • Vendors and service providers can help, but they are not responsible for your security plan – you are!

  8. Addressing the Challenges • IP phones are NOT phones as in the past – they are network-enabled computers and must be treated as such! • Firewalls, SBCs, ACLs, VLANs, authentication, encryption, and IDS/IPS are all tools that are to be deployed as part of a coherent PLAN – they are not themselves strategies or policies! • Security requires perpetual vigilance • Penetration testing is invaluable.

  9. Let’s hear from our panel!

More Related