Safeguarding Networks Against Fraud. Connections 2014
- Myles Elwin Simmons
- 8 years ago
Transcription
1 Safeguarding Networks Against Fraud Connections 2014
2 Safeguarding Networks Against Fraud
Agenda
- Toll Fraud and VoIP Hacking: Elliot Zeltzer, VP IP Engineering, BullsEye Telecom
- BroadSoft Tools & Tips for Fraud Prevention: Rodney Barney, Director, BroadSoft Global TAC
- Comments on Fraud Detection: Jim Dalton, CEO TransNexus
- Questions for the panel / Open Q&A: David Dibert, Sr Director, BroadSoft Global TAC
- Highlights of Partners at Connections: Elvis Tucker
#BC14 BROADSOFT CONNECTIONS 2014 PAGE 2
3 Watch for news about our 2015 Technical Summits!
- Over 350 customers attended in 2014
- April - June, 2015:
  - USA (East and West coast)
  - Europe
  - Melbourne Australia
  - CALA or S. Korea?
4 Toll / Network Fraud and VoIP Hacking
Elliot Zeltzer, Vice President of IP Network Engineering, BullsEye Telecom
5 Toll / Network Fraud and VoIP Hacking
The escalating cost of toll fraud
- The estimated cost of toll fraud, or phone hacking, to businesses is $4 billion annually; double the cost of credit card fraud.
- Toll fraud is alive and well (NetworkWorld)
  - the U.S. government announced it had broken up a $55 million toll fraud ring that was operating internationally and targeting enterprise PBXs
  - authorities in the Philippines arrested six adults and three minors for hacking AT&T and causing a $24 million loss for the carrier and its clients over the past few years
6 Toll / Network Fraud and VoIP Hacking
How are toll fraud and VoIP hacking manifested?
- Direct theft of services
- Monetization
- Industrialization of theft
- Not kids, not the curious
- The speed with which the vulnerabilities are converted into cash will amaze you
- Malicious disruption / denial of service
- Compromise
- Customer service delivery
- Carrier service delivery
- Extortion
- Cryptolocker
- Social engineering to gather and construct elements of identity theft
7 Toll / Network Fraud and VoIP Hacking
How did we get here?
- Moved from TDM to VoIP
- Applied the same security and control constructs that we have used (or not) to VoIP
- Or
- Failed to assure that all of the IP best practices we instituted
8 Toll / Network Fraud and VoIP Hacking
What is Toll Fraud and VoIP hacking (an abbreviated list)
- Toll fraud legacy model
  - Traditionally a function on the TDM network
  - Carrier based
  - Call / traffic pumping
  - Call redirection
  - Voice mail hijacking / outcalling
  - Platform remote access credential compromise
- Toll fraud new model (IP based telephony)
  - Anyone who has an IP based telephony platform!
  - Endpoint hijacking
  - Host or Remote SBC (session border controller) compromise
  - Platform credential compromise
  - VoIP session
  - VoIP customer portal
  - VoIP management platform
  - Call forwarding redirect
  - Voice mail hijacking / outcalling
9 Toll / Network Fraud and VoIP Hacking
Why have we become (more) vulnerable
- TDM has points of entry that have been known for nearly 100 years
- Moved to VoIP
- TDM folks didn't understand that all the flaws of IP immediately became an open door to attack VoIP
10 Toll / Network Fraud and VoIP Hacking
Your VoIP Delivery Network
- An IP telephony eco system
- Best practices for IP Network design
- Firewall
- Host server setup and administration
- Partitioning and logical function separation
- NIDS, NIPS, HIDS
- Log collection, digestion and interpretation
- Aggressive interaction with suppliers
- Periodic security audits and intrusion testing
11 Toll / Network Fraud and VoIP Hacking
Tooling to catch and prevent
- Secure your VoIP eco system
- Secure the front door!
- Best practices
- IP network
- VoIP headend
- VoIP endpoints
- Credentialing
- Use BroadSoft security toolkit
- Activate toll fraud script
- Central credential infrastructure
- Encrypt device management
- Forensics
- Use CDR analytics
- Syslog and SIP heuristics for threat detection
12 Toll / Network Fraud and VoIP Hacking
Who can help you?
- Join CFCA (Communications Fraud Control Association)
- Your suppliers
  - Make each and every one in your VoIP technical supplier chain put skin in the game
- Hire the right staff
- Hire the right consultant(s)
- Do periodic security audits and intrusion tests
13 Toll / Network Fraud and VoIP Hacking
Goal
- No system is perfect
- Build defenses high enough to cause the Fraudster / Hackster to go to someone else
- All of us raise the barriers high enough to have them go to somewhere else
- Build a moat with flaming oil, broken glass and barbed wire around your VoIP Eco system.
14 Thank You!
15 Protecting Your Network Against Fraud
Connections 2014
David Dibert, Sr. Director, Global Technical Assistance Centers, BroadSoft Inc.
Rodney Barney, Director, Global Technical Assistance Centers, BroadSoft Inc.
16 Highlights on BroadWorks Fraud Concerns Risk Areas and Reporting Process
17 Fraud Risk Perpetrators
Fraud Attempts can occur from three types of parties:
- An Outside Hacker
- A Dishonest Customer
- Internal Employee Attack
18 Fraud Risk Areas And BroadWorks Toolkit
- Industry Identified Fraud Risk Areas
  - Voice Portals
  - Web/Client Portals
  - SIP Endpoints
- The BroadWorks Security Toolkit can be used to help identify and mitigate fraud
  - Identify tools available via BroadWorks
19 Industry Identified Fraud Risk Areas - Voice Portal
High Risk Area
- BroadWorks Voice Portal supports two services that can be the source of fraud
  - Voice Portal Call Forwarding Always programming and activation
  - Voice Portal Calling Service
- How do they get in?
  - Hacker is aware of number ranges belonging to Service Provider
  - Once Voice Portal is accessed, hacker tries to brute force passcode (Weak Passwords are a concern)
  - Once the account is compromised, hacker looks for Call Forwarding Always Programming or Voice Portal Calling options
20 Industry Identified Fraud Risk Areas - Web/Client
Low Risk Area
- Hacker identifies XSP addresses and attempts to compromise account
- Common XSP applications and what is accessible
  - OpenClientServer (OCS), CommPilot, OciOverSoap
  - XSI-Actions
  - bwcallcenter & bwreceptionist
- HTTP is the main target
- Brute force attack
21 Industry Identified Fraud Risk Areas - SIP Endpoint
Low Risk Area
- SIP endpoints are subject to two types of vulnerabilities
  - SIP Session Hijacking: SIP is vulnerable to a number of session hijacking threats when SIP Digest-Authentication is not used
  - SIP Identity Hijacking: Password was compromised or brute force attacked
- SIP Digest-Authentication counters these threats
22 Areas to Concentrate Hardening Efforts
Discuss ways to eliminate/mitigate these vulnerabilities and resulting fraud
- DMZ XSP Hardening
- Password Controls
- Call Processing Policies
- Outgoing Origination/Redirection Controls
- SIP Hardening Options
- Device Management Hardening
- Security Tool Kit
23 BroadWorks Security Toolkit
Helps detect fraud and identify exposures in the BroadWorks system
- Fraud Detection Tool
  - Parses CDR files, reports upon and/or acts upon them
- Weak Password Checker
  - Validate AS DB passwords
- Redirecting Services Pattern Checker
  - Search AS DB for Frwd-to Numbers of concern
- Authentication Services Assignment Checker
  - Search the AS database for users without Authentication service assigned or with blank passwords
24 BroadWorks Fraud and Security Reporting Process
Reporting Security Vulnerability, Security Issue, or Fraud
- Through the BroadSoft Ticketing System
  - Via the problem category field
- Direct Contact via the BroadSoft TAC line
  - Contact #s on ticketing interface or in the TAC Overview on Xchange
- These actions will alert the BroadWorks Security Response Team (SRT) of potential Security or Fraud issues
25 BroadWorks Fraud and Security Reporting Process
How are Security and Fraud reports handled?
- Upon report, the Security Response Team (SRT) is alerted
- We meet on a regular basis to review all tickets submitted as a Security, Security Vulnerability, or Fraud
- We assess the criticality of each report and score them per Common Vulnerability Scoring System (CVSS)
26 BroadWorks Fraud and Security Reporting Process
According to criticality and risk BroadSoft will take actions, which may include:
- Alerting customers and partners with a remedy designed to reduce the risk to customer's BroadSoft product and to avoid further exposure or fraud.
- Provide patches for current releases covered under maintenance and support.
- Provide any necessary updates to the BroadSoft security documentation.
- Provide updates to our security ToolKit
27 Thank You!
A special thanks to Mark Kushnir of BroadSoft for publishing a comprehensive Security Best Practices guide:
Technical Summit Report on Security Response Metrics: - Fraud and Security Best Practices Updates.pdf
The BroadSoft Security Vulnerability Response Process: Vulnerability-Response.pdf
28 Traffic Pumping Fraud
Connections 2014
Jim Dalton, Founder, TransNexus
29 Traffic Pumping Fraud (International Revenue Sharing Fraud IRSF)
- Traffic Pumping Fraud is the Number One Risk for Retail Service Providers
- Your Customers are your Primary Vulnerability
- A Growing Fraud Eco-System has Developed to Attack Your Customers
- Telecom Hacking Instructions are Plentiful
30 Telecom Hacking Tutorials
31 Traffic Pumping Fraud (International Revenue Sharing Fraud IRSF)
- Traffic Pumping Fraud is the Number One Risk for Retail Service Providers
- Your Customers are your Primary Vulnerability
- A Growing Fraud Eco-System has Developed to Attack Your Customers
- Telecom Hacking Instructions are Plentiful
- Scores of Premium Number Service Providers Enable Easy Monetization
32 Monetize Fraud with Premium Rate Numbers
33 Premium Rate Number Providers
UK, USA, Australia, Cyprus, Dominica, Hong Kong, Spain, Albania, Austria, Belize, British Virgin Islands, Czech Republic, India, Netherlands, Pakistan, Russia, Seychelles, Singapore, UAE
34 Premium Rate Number Services
35 Premium Rate Number Services
36 Premium Rate Number Services
37 Traffic Pumping Case Study
- $166,000 Fraud Loss in 44 hours
- Fraud victim had four analog lines
- Over 568 simultaneous calls during attack to three telephone numbers in Gambia
Diagram labels: Fraudster; Premium Rate Numbers (Gambia, Maldives, Somalia); Public Telephone Network; TW Telecom Network; Fiber Integrated Access Device; FSF; Enterprise Phone System; Four Analog Phone Lines; Norstar ICS; Call Pilot 100; Fraud Victim
Diagram notes:
- Forwarded Calls are maintained by TW Network and do not overload Enterprise Phone System
- 22.5 calls per minute in fraud attack
- Telephone signaling per call instructs TW Network to re-route forwarded calls to PRNs
38 SDReporter CDR Analytics
- Real Time Fraud Scoring
- Blacklisted Numbers
- Subscriber Credit Controls
- GroupId, UserId or SIP trunk
Diagram labels: 1. CDR Files; 2. OCI-P Command; Offnet Termination Networks
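An added example (not from the presentation, SDReporter or the BroadWorks toolkit) of the CDR scoring that this slide and the case study on slide 37 describe: per-subscriber call rate to watched prefixes, concurrent calls, and a credit limit. The CSV layout, thresholds, subscriber names and phone numbers are constructed for illustration, and numbers are assumed to be in E.164 form.

```python
import csv
import heapq
import io
from collections import defaultdict, deque

# Assumption: destination watch-list by country code. These are the codes of
# the three countries named on the case-study slide (Gambia, Maldives,
# Somalia); a production list would come from the operator's own fraud data.
WATCHED_PREFIXES = ("220", "960", "252")

WINDOW_S = 60        # sliding window for the call-rate check
MAX_RATE = 5         # watched-prefix calls allowed per window
MAX_CONCURRENT = 4   # e.g. a customer site with four lines
MAX_SPEND = 50.0     # per-subscriber credit limit on watched destinations


def parse_cdrs(text):
    """Parse the constructed layout: start,duration_s,user,called,rate_per_min."""
    cdrs = []
    for row in csv.DictReader(io.StringIO(text)):
        cdrs.append({
            "start": int(row["start"]),
            "duration": int(row["duration_s"]),
            "user": row["user"],
            "called": row["called"].lstrip("+"),
            "rate": float(row["rate_per_min"]),
        })
    return sorted(cdrs, key=lambda c: c["start"])


def is_watched(number):
    return number.startswith(WATCHED_PREFIXES)


def score(cdrs):
    """Return {user: {reason: start second of the call that first broke the limit}}."""
    recent = defaultdict(deque)   # user -> start times of watched calls in window
    active = defaultdict(list)    # user -> min-heap of end times of calls in progress
    spend = defaultdict(float)    # user -> accumulated cost on watched destinations
    alerts = defaultdict(dict)

    for c in cdrs:
        user, now = c["user"], c["start"]

        # Concurrency: forget calls that ended before this one started.
        heap = active[user]
        while heap and heap[0] <= now:
            heapq.heappop(heap)
        heapq.heappush(heap, now + c["duration"])
        if len(heap) > MAX_CONCURRENT:
            alerts[user].setdefault("concurrency", now)

        if not is_watched(c["called"]):
            continue

        # Call rate to watched prefixes inside the sliding window.
        window = recent[user]
        window.append(now)
        while window[0] <= now - WINDOW_S:
            window.popleft()
        if len(window) > MAX_RATE:
            alerts[user].setdefault("rate", now)

        # Credit control. Simplification: the cost is booked at the call's
        # start time, although a real CDR only exists once the call has ended.
        spend[user] += c["duration"] / 60 * c["rate"]
        if spend[user] > MAX_SPEND:
            alerts[user].setdefault("spend", now)

    return {user: dict(found) for user, found in alerts.items()}


def constructed_cdrs():
    """Constructed sample: one ordinary subscriber and one burst shaped like slide 37."""
    lines = ["start,duration_s,user,called,rate_per_min"]
    # alice: three short domestic calls spread over 40 minutes
    for i, start in enumerate((0, 1200, 2400)):
        lines.append(f"{start},180,alice,+1212555010{i},0.01")
    # bob: a new call every 3 s (20 per minute, near the slide's 22.5),
    # 10 minutes each, rotating over three numbers under +220
    for i in range(30):
        lines.append(f"{1000 + 3 * i},600,bob,+220555000{i % 3},1.50")
    return "\n".join(lines)


if __name__ == "__main__":
    for user, found in score(parse_cdrs(constructed_cdrs())).items():
        print(user, found)
```

With these thresholds the credit limit trips first, on the fourth call; in a deployment the response to an alert would be a block or divert on the subscriber, group or trunk.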
39 NexOSS SIP INVITE Analytics
Diagram labels: SIP Trunking; NexOSS; SIP Phones; 1. SIP INVITE Admission Request; 2. Route, Divert or Block; Soft switch; DID Providers; Inbound SIP Calls; Session Border Controller; SIP Terminators
Stop Fraudulent Calls Before They Enter Your Network
40 Thank You!
41 Fraud and Security Connections 2014 Partners
- BroadWorks collects data on every call that flows through your network
- BroadSoft partners utilize big data and VoIP analytics techniques for preventing and managing fraud and security incidents
- User Profiling
- Reporting trend analysis
- Cloud-Based
- Appliance-Based
- SaaS
- User Portal
- Notification
- Attack Prevention
- Cost Analysis
42 Thank You!
S-Series SBC Interconnect Solutions A GENBAND Application Note May 2009 Business Requirements A ubiquitous global voice service offering is the challenge among today s large service providers. The need
More informationT.38 fax transmission over Internet Security FAQ
August 17, 2011 T.38 fax transmission over Internet Security FAQ Give me a rundown on the basics of T.38 Fax over IP security. Real time faxing using T.38 SIP trunks is just as secure as sending faxes
More informationFor more information on SQL injection, please refer to the Visa Data Security Alert, SQL Injection Attacks, available at www.visa.
Global Partner Management Notice Subject: Visa Data Security Alert Malicious Software and Internet Protocol Addresses Dated: April 10, 2009 Announcement: The protection of account information is a responsibility
More information10 Smart Ideas for. Keeping Data Safe. From Hackers
0100101001001010010001010010101001010101001000000100101001010101010010101010010100 0100101001001010010001010010101001010101001000000100101001010101010010101010010100000 0100101001001010010001010010101001010101001000000100101001010101010010101010010100000
More informationSecurity Issues with Integrated Smart Buildings
Security Issues with Integrated Smart Buildings Jim Sinopoli, Managing Principal Smart Buildings, LLC The building automation industry is now at a point where we have legitimate and reasonable concern
More informationManaging IT Security with Penetration Testing
Managing IT Security with Penetration Testing Introduction Adequately protecting an organization s information assets is a business imperative one that requires a comprehensive, structured approach to
More informationManaged Intrusion, Detection, & Prevention Services (MIDPS) Why E-mail Sorting Solutions? Why ProtectPoint?
Managed Intrusion, Detection, & Prevention Services (MIDPS) Why E-mail Sorting Solutions? Why ProtectPoint? Why? Focused on Managed Intrusion Security Superior-Architected Hardened Technology Security
More informationEnterprise Cybersecurity: Building an Effective Defense
: Building an Effective Defense Chris Williams Scott Donaldson Abdul Aslam 1 About the Presenters Co Authors of Enterprise Cybersecurity: How to Implement a Successful Cyberdefense Program Against Advanced
More informationStephen Coty Director, Threat Research
Emerging threats facing Cloud Computing Stephen Coty Director, Threat Research Cloud Environments 101 Cloud Adoption is Gaining Momentum Cloud market revenue will increase at a 36% annual rate Analyst
More informationI ve been breached! Now what?
I ve been breached! Now what? THE AFTERMATH OF A BREACH & STEPS TO REDUCE RISK The number of data breaches in the United States in 2014 hit a record high. And 2015 is not looking any better. There have
More informationIntrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks
Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks Dale Peterson Director, Network Security Practice Digital Bond, Inc. 1580 Sawgrass Corporate Parkway, Suite 130 Sunrise, FL 33323
More informationCyber Security Breakout Session. Ed Rosenberg, Vice President & Chief Security Officer, BMO Financial Group Legal, Corporate & Compliance Group
Cyber Security Breakout Session Ed Rosenberg, Vice President & Chief Security Officer, BMO Financial Group Legal, Corporate & Compliance Group December 2014 Disclaimer: The material in this presentation
More informationBROADSOFT PARTNER CONFIGURATION GUIDE VEGASTREAM VEGA 100
BROADSOFT PARTNER CONFIGURATION GUIDE VEGASTREAM VEGA 100 JULY 2005 Version 1.0 BroadWorks Guide Copyright Notice Copyright 2005 BroadSoft, Inc. All rights reserved. Any technical documentation that is
More informationRon Shuck, CISSP, CISM, CISA, GCIA Infrastructure Security Architect Spirit AeroSystems
Ron Shuck, CISSP, CISM, CISA, GCIA Infrastructure Security Architect Spirit AeroSystems VOIP Components Common Threats How Threats are Used Future Trends Provides basic network connectivity and transport
More informationApplication Note Patton SmartNode in combination with a CheckPoint Firewall for Multimedia security
Patton Electronics Co. www.patton.com 7622 Rickenbacker Drive, Gaithersburg, MD 20879, USA tel: +1 301-975-10001000 fax: +1 301-869-9293 Application Note Patton SmartNode in combination with a CheckPoint
More informationNETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS
NETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS Scope and Applicability: These Network and Certificate System Security Requirements (Requirements) apply to all publicly trusted Certification Authorities
More informationAvaya SBCE 6.3 Security Configuration and Best
Avaya SBCE 6.3 Security Configuration and Best Practices Guide Release 6.3 Issue 1.0 October 2014 1 2014 Avaya Inc. All Rights Reserved. Notice While reasonable efforts were made to ensure that the information
More informationIP PBX. SD Card Slot. FXO Ports. PBX WAN port. FXO Ports LED, RED means online
1 IP PBX SD Card Slot FXO Ports PBX LAN port PBX WAN port FXO Ports LED, RED means online 2 Connect the IP PBX to Your LAN Internet PSTN Router Ethernet Switch FXO Ports 3 Access the PBX s WEB GUI The
More informationUsing IP Networks for voice and video: benefits and challenges
Using IP Networks for voice and video: benefits and challenges Peter Cox CEO UM Labs Ltd October 2010 About UM Labs UK Based company Founded 2008 by Peter Cox and other cofounders of Borderware Technologies
More informationArcGIS Server Security Threats & Best Practices 2014. David Cordes Michael Young
ArcGIS Server Security Threats & Best Practices 2014 David Cordes Michael Young Agenda Introduction Threats Best practice - ArcGIS Server settings - Infrastructure settings - Processes Summary Introduction
More informationExcellence Doesn t Need a Certificate. Be an. Believe in You. 2014 AMIGOSEC Consulting Private Limited
Excellence Doesn t Need a Certificate Be an 2014 AMIGOSEC Consulting Private Limited Believe in You Introduction In this age of emerging technologies where IT plays a crucial role in enabling and running
More informationONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS
$ ONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS Boston Private Bank & Trust Company takes great care to safeguard the security of your Online Banking transactions. In addition to our robust security
More information