Unified Communications Security Report to The Industry

Size: px
Start display at page:

Download "Unified Communications Security Report to The Industry"

Transcription

1 Unified Communications Security Report to The Industry Mark D. Collier Chief Technology Officer SecureLogix Corporation ETM, TeleWatch Secure, TWSA, We See Your, SecureLogix, SecureLogix Corporation, the SecureLogix Emblem and the SecureLogix Diamond Emblem are trademarks and/or service marks or registered trademarks and/or service marks of SecureLogix Corporation in the U.S.A. and other countries. All other trademarks mentioned herein are believed to be trademarks of their respective owners. Copyright 2012 SecureLogix Corporation. All Rights Reserved. SecureLogix technologies are protected by one or more of the following patents: US 6,226,372 B1, US 6,249,575 B1, US 6,320,948 B1, US 6,687,353 B1, US 6,718,024 B1, US 6,760,420 B2, US 6,760,421 B2, US 6,879,671 B1, US 7,133,511 B2, US 7,231,027 B2, US 7,440,558 B2, US 8,150,013 B2, CA 2,354,149, DE 1,415,459 B1, FR 1,415,459 B1, and GB 1,415,459 B1.

2 About SecureLogix SecureLogix: UC security and management policy company Security solutions for UC and traditional voice networks Our applications are integrated into Cisco routers We have product and managed service offerings Cloud solutions as well as CPE About me: Author of Hacking Exposed: UC and VoIP Conducted many security assessments markcollier46 on twitter/google+

3 UC Security Overview

4 Network And Application Security Network Security (Malicious Packets) Network DoS Network Intrusion Non-Secure Endpoints Eavesdropping Evolving Security Application Security (Malicious Calls) Telephony DoS Social Engineering / ATO IRSF / Toll Fraud Robocalls / Scams / Vishing Harassing Calls UC federation Mobile Cloud WebRTC and OTT Federation

5 Low/High/No/Negative Value Calls

6 Anonymous TDoS Threat

7 Simple Automated TDoS Agents/Users May target part of a CC Single SIP origination Calling number not spoofed Restricted/blocked numbers Poorly formed numbers Poorly selected audio Difficult to sustain Public Network Systems

8 9 AM :28 :43 :55 :07 :17 :28 :38 :48 :58 :07 :17 :27 :37 :47 :57 :06 :16 :26 :36 :46 :56 :05 :15 :25 :35 :45 :55 :04 :14 :24 :34 :44 :54 :03 :13 :23 :33 :43 :53 :02 :12 Simple Automated TDoS - Example Attacker Responds Bank Branch Attack Branch s closed at 4PM Manager Confronts Attacker Attack Begins Bank Branch A Bank Branch B

9 Complex Automated TDoS Agents/Users Likely to target part of CC Single SIP origination Well selected SIP provider Calling number spoofed SIP headers spoofed Well chosen audio Dwell in IVR, create callbacks Possible to sustain Public Network Systems

10 Complex Automated TDoS Turnkey Tools

11 Distributed/Complex Automated TDoS Agents/Users Targets overall capacity May also target part of CC Multiple SIP origination Well selected SIP providers Botnets Calling number spoofed SIP headers spoofed Well chosen audio Dwell in IVR, create callbacks Most sustainable Public Network Systems

12 Social Networking TDoS Agents/Users May target part of a CC Many different callers Callers can dwell in IVR Callers can engage agents Create callbacks Somewhat difficult to sustain Public Network Systems

13 Social Networking TDoS Example

14 Financial Fraud/Social Engineering Agents/Users Targets consumer accounts Uses anonymous number or Spoofs calling number Uses personal info from sources Tries to gather info from agents Always manual/multiple calls Attacker targets IVR Spoofs caller ID Guesses accounts/passwords May be brute-force or stealth May be automated Public Network Systems

15 Financial Fraud Example 300 Social Engineering Attack from 515-xxx-xxxx Bank responds by blocking all calls from attacker Caller used an invalid area code Caller attempted to block calling number Excessive DTMF digits in IVR Calls durations were longer than normal Attacker attempts several account takeovers Attacker has no history of being a customer Attacker probes bank using harvested data 0 Sucessful Calls Terminated Calls

16 IRSF Toll Fraud Attacker sets up a premium number and generates calls Public Network Systems Traffic Generator

17 IRSF Toll Fraud Example Call Termination Reconnaissance / Testing

18 Call Pumping Single SIP origination Well selected SIP provider Calls for connect charges Calls for per minute charges Calling number spoofed SIP headers spoofed DTMF IVR looping Well chosen duration Simple audio Possible to sustain Can create a TDoS situation if the attacker is sloppy Public Network Agents/Users Systems

19 Call Pumping Example 100% 90% 80% 70% 60% 50% 40% 30% 20% 10% 0%

20 SPAM/Phishing/Scams (Robocalls) Automated transmission of: SPAM Scams Agents/Users Public Network Systems

21 SPAM/Phishing/Scams Automated transmission of: phishing calls Agents/Users messages with outbound Numbers can also be used Phishing site or number Public Network Systems

22 SPAM/Phishing/Scam Types Robocall Types

23 Harassing Calls Automated transmission of: Persistent callers Annoying/offensive calls Bomb threats SWAT calls Public Network Agents/Users Systems

24 Harassing Calls - Example Persistent Harassing Caller

25 UC Federation Data leakage, intrusion, and malware delivery Increased threat due to federation Many more endpoints Vulnerabilities across: Audio Video Instant Messaging File Transfer Presence

26 UC Security Best Practices Develop a UC security policy Collect real-time data about your UC services, across your enterprise Implement UC application security on perimeter Implement SIP packet-level security on perimeter Implement good internal data network security Prioritize security during UC deployments Use encryption where possible for authentication, confidentiality, and integrity Consider an independent security assessment to examine your network for the issues covered here

27 Security Report to Industry Thank You..Be Safe Out There!!

Easily Protect Your Voice Network From Attack

Easily Protect Your Voice Network From Attack ETM SYSTEM WE SEE YOUR VOICE We know some important things about your enterprise things that you may not know yourself. We know that you are significantly overpaying for your corporate voice network and

More information

How To Protect Your Business From A Voice Firewall

How To Protect Your Business From A Voice Firewall VOICE FIREWALL Secure your voice network edge and prevent financial losses. The ETM Voice Firewall secures your critical networking resources and lowers telecom expenses by protecting your enterprise voice

More information

How the ETM (Enterprise Telephony Management) System Relates to Session Border Controllers (SBCs) A Corporate Whitepaper by SecureLogix Corporation

How the ETM (Enterprise Telephony Management) System Relates to Session Border Controllers (SBCs) A Corporate Whitepaper by SecureLogix Corporation How the ETM (Enterprise Telephony Management) System Relates to Session Border Controllers (SBCs) A Corporate Whitepaper by SecureLogix Corporation Introduction Enterprises are continuing to convert and

More information

ETM System SIP Trunk Support Technical Discussion

ETM System SIP Trunk Support Technical Discussion ETM System SIP Trunk Support Technical Discussion Release 6.0 A product brief from SecureLogix Corporation Rev C SIP Trunk Support in the ETM System v6.0 Introduction Today s voice networks are rife with

More information

CALL RECORDER. Record targeted call content that threatens or impacts your business.

CALL RECORDER. Record targeted call content that threatens or impacts your business. CALL RECORDER Record targeted call content that threatens or impacts your business. The ETM Call Recorder enables automated, policybased recording of targeted calls of interest through the remotely managed

More information

Published in association with:

Published in association with: Published in association with: SecureLogix Corporation 13750 San Pedro Ave. Suite 820 San Antonio, TX 78232 Phone 210 402 9669 Toll Free 1 800 817 4837 Int 001 210 402 9669 Fax 210 402 6996 Email info@securelogix.com

More information

SecureLogix. Managed Security Service for Voice. Proactively Monitor and Respond to Voice/UC Threats. Harvest Your Maximum Cost Savings Potential.

SecureLogix. Managed Security Service for Voice. Proactively Monitor and Respond to Voice/UC Threats. Harvest Your Maximum Cost Savings Potential. SecureLogix Managed Security Service for Voice Proactively Monitor and Respond to Voice/UC Threats. Harvest Your Maximum Cost Savings Potential. The SecureLogix Managed Security Service for Voice is your

More information

Securing SIP Trunks APPLICATION NOTE. www.sipera.com

Securing SIP Trunks APPLICATION NOTE. www.sipera.com APPLICATION NOTE Securing SIP Trunks SIP Trunks are offered by Internet Telephony Service Providers (ITSPs) to connect an enterprise s IP PBX to the traditional Public Switched Telephone Network (PSTN)

More information

Voice Over IP and Firewalls

Voice Over IP and Firewalls Introduction Voice Over IP and Firewalls By Mark Collier Chief Technology Officer SecureLogix Corporation mark.collier@securelogix.com Use of Voice Over IP (VoIP) in enterprises is becoming more and more

More information

THE TOP SECURITY QUESTIONS YOU SHOULD ASK A CLOUD COMMUNICATIONS PROVIDER

THE TOP SECURITY QUESTIONS YOU SHOULD ASK A CLOUD COMMUNICATIONS PROVIDER THE TOP SECURITY QUESTIONS YOU SHOULD ASK A CLOUD COMMUNICATIONS PROVIDER How to ensure a cloud-based phone system is secure. BEFORE SELECTING A CLOUD PHONE SYSTEM, YOU SHOULD CONSIDER: DATA PROTECTION.

More information

Cisco Advanced Services for Network Security

Cisco Advanced Services for Network Security Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs

More information

Ingate Firewall/SIParator SIP Security for the Enterprise

Ingate Firewall/SIParator SIP Security for the Enterprise Ingate Firewall/SIParator SIP Security for the Enterprise Ingate Systems February, 2013 Ingate Systems AB (publ) Tel: +46 8 600 77 50 BACKGROUND... 1 1 NETWORK SECURITY... 2 2 WHY IS VOIP SECURITY IMPORTANT?...

More information

VOIP WARS: THE PHREAKERS AWAKEN. Fatih Ozavci @fozavci Managing Consultant Context Information Security

VOIP WARS: THE PHREAKERS AWAKEN. Fatih Ozavci @fozavci Managing Consultant Context Information Security VOIP WARS: THE PHREAKERS AWAKEN Fatih Ozavci @fozavci Managing Consultant Context Information Security Fatih Ozavci, Managing Consultant VoIP & phreaking Mobile applications and devices Network infrastructure

More information

Enterprise Voice Network Security Solutions. A Corporate Whitepaper by SecureLogix Corporation

Enterprise Voice Network Security Solutions. A Corporate Whitepaper by SecureLogix Corporation Enterprise Voice Network Security Solutions A Corporate Whitepaper by SecureLogix Corporation Contents Introduction 1 1. Voice Network Security Threats 1 Toll Fraud... 1 Social Engineering Attacks... 2

More information

Voice over IP. VoIP (In) Security. Presented by Darren Bilby NZISF 14 July 2005

Voice over IP. VoIP (In) Security. Presented by Darren Bilby NZISF 14 July 2005 Voice over IP VoIP (In) Security Presented by Darren Bilby NZISF 14 July 2005 Security-Assessment.com Who We Are NZ s only pure-play security firm Largest team of security professionals in NZ Offices in

More information

Top Defense Strategies and

Top Defense Strategies and E-Guide Top Defense Strategies and Security Considerations for Unified Communications (UC) Organizations turn to unified communications as a cost-effective alternative to traditional communication systems.

More information

SIP SECURITY JULY 2014

SIP SECURITY JULY 2014 SIP SECURITY JULY 2014 Executive Overview As with any data or communication service, it s important that all enterprises understand potential security issues related to SIP Trunking. This paper provides

More information

Mitigating the Security Risks of Unified Communications

Mitigating the Security Risks of Unified Communications 2009 International Conference on Computer Engineering and Applications IPCSIT vol.2 (2011) (2011) IACSIT Press, Singapore Mitigating the Security Risks of Unified Communications Fernando Almeida 1 +, Jose

More information

Challenges and opportunities for Open Source solutions

Challenges and opportunities for Open Source solutions GDS20910 39HA83090K2 D3 S20910 328MGD 7 W510200RQ1 UT 10 T28GHY620 JH7 BE4ET276 90K2 D39HA83 0K2 D39HA830 8JD6200NS12 RQ1 UTW510200 H7 BE4ET2763J 8HGDOI0912 M1 Y620110 T28GH UTW510200 83090K2 GDS20910

More information

VOIP SECURITY: BEST PRACTICES TO SAFEGUARD YOUR NETWORK ======

VOIP SECURITY: BEST PRACTICES TO SAFEGUARD YOUR NETWORK ====== VOIP SECURITY: BEST PRACTICES TO SAFEGUARD YOUR NETWORK ====== Table of Contents Introduction to VoIP Security... 2 Meet Our Expert - Momentum Telecom... 2 BroadWorks... 2 VoIP Vulnerabilities... 3 Call

More information

White Paper. avaya.com 1. Table of Contents. Starting Points

White Paper. avaya.com 1. Table of Contents. Starting Points White Paper Session Initiation Protocol Trunking - enabling new collaboration and helping keep the network safe with an Enterprise Session Border Controller Table of Contents Executive Summary...1 Starting

More information

Basic Vulnerability Issues for SIP Security

Basic Vulnerability Issues for SIP Security Introduction Basic Vulnerability Issues for SIP Security By Mark Collier Chief Technology Officer SecureLogix Corporation mark.collier@securelogix.com The Session Initiation Protocol (SIP) is the future

More information

CE 817 - Advanced Network Security VoIP Security

CE 817 - Advanced Network Security VoIP Security CE 817 - Advanced Network Security VoIP Security Lecture 25 Mehdi Kharrazi Department of Computer Engineering Sharif University of Technology Acknowledgments: Some of the slides are fully or partially

More information

Streamlining Web and Email Security

Streamlining Web and Email Security How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Streamlining Web and Email Security sponsored by Introduction to Realtime Publishers by Don Jones, Series Editor

More information

How To Secure A Voice Over Internet Protocol (Voip) From A Cyber Attack

How To Secure A Voice Over Internet Protocol (Voip) From A Cyber Attack DHS 4300A Sensitive Systems Handbook Attachment Q5 To Handbook v. 11.0 Voice over Internet Protocol (VoIP) Version 11.0 December 22, 2014 Protecting the Information that Secures the Homeland This page

More information

Voice Network Management Best Practices

Voice Network Management Best Practices Voice Network Management Best Practices A white paper from SecureLogix Corporation Introduction Traditionally, voice networks have been managed from the switch room, with limited enterprise-wide visibility.

More information

An outline of the security threats that face SIP based VoIP and other real-time applications

An outline of the security threats that face SIP based VoIP and other real-time applications A Taxonomy of VoIP Security Threats An outline of the security threats that face SIP based VoIP and other real-time applications Peter Cox CTO Borderware Technologies Inc VoIP Security Threats VoIP Applications

More information

Oracle s Contact Center Communications Solution. Improve Business Agility, Customer Satisfaction and Economics

Oracle s Contact Center Communications Solution. Improve Business Agility, Customer Satisfaction and Economics Oracle s Contact Center Communications Solution Improve Business Agility, Customer Satisfaction and Economics Oracle s contact center solution is designed to enable the hyperconnected enterprise a new

More information

VoIP / SIP Planning and Disclosure

VoIP / SIP Planning and Disclosure VoIP / SIP Planning and Disclosure Voice over internet protocol (VoIP) and session initiation protocol (SIP) technologies are the telecommunication industry s leading commodity due to its cost savings

More information

HOW WE DELIVER A SECURE & ROBUST HOSTED TELEPHONY SOLUTION

HOW WE DELIVER A SECURE & ROBUST HOSTED TELEPHONY SOLUTION HOW WE DELIVER A SECURE & ROBUST HOSTED TELEPHONY SOLUTION 01 INTRODUCTION Inclarity is the UK s leading provider of Hosted Telephony, Hosted UC and Hosted Video solutions. We help our customers to communicate

More information

The ETM System and Regulatory Compliance

The ETM System and Regulatory Compliance The ETM System and Regulatory Compliance A Whitepaper by SecureLogix Corporation In response to concerns of constituents, governments are demanding, through increasing regulations, greater accountability

More information

PERFORMANCE MANAGER. Carrier-grade voice performance monitoring tools for the enterprise. Resolve service issues before they impact your business.

PERFORMANCE MANAGER. Carrier-grade voice performance monitoring tools for the enterprise. Resolve service issues before they impact your business. PERFORMANCE MANAGER Carrier-grade voice performance monitoring tools for the enterprise. Resolve service issues before they impact your business. The ETM Performance Manager provides unified, realtime,

More information

Threat Mitigation for VoIP

Threat Mitigation for VoIP Threat Mitigation for VoIP Bogdan Materna, VP Engineering and CTO VoIPshield Systems Third Annual VoIP Security Workshop June 2, 2006 Overview Basics VoIP Security Impact Examples of real vulnerabilities

More information

Big Data in Action: Behind the Scenes at Symantec with the World s Largest Threat Intelligence Data

Big Data in Action: Behind the Scenes at Symantec with the World s Largest Threat Intelligence Data Big Data in Action: Behind the Scenes at Symantec with the World s Largest Threat Intelligence Data Patrick Gardner VP Engineering Sourabh Satish Distinguished Engineer Symantec Vision 2014 - Big Data

More information

Voice Over IP (VoIP) Denial of Service (DoS)

Voice Over IP (VoIP) Denial of Service (DoS) Introduction Voice Over IP (VoIP) Denial of Service (DoS) By Mark Collier Chief Technology Officer SecureLogix Corporation mark.collier@securelogix.com Denial of Service (DoS) is an issue for any IP network-based

More information

Emerging Network Security Threats and what they mean for internal auditors. December 11, 2013 John Gagne, CISSP, CISA

Emerging Network Security Threats and what they mean for internal auditors. December 11, 2013 John Gagne, CISSP, CISA Emerging Network Security Threats and what they mean for internal auditors December 11, 2013 John Gagne, CISSP, CISA 0 Objectives Emerging Risks Distributed Denial of Service (DDoS) Attacks Social Engineering

More information

PENTEST. Pentest Services. VoIP & Web. www.novacybersecurity.com

PENTEST. Pentest Services. VoIP & Web. www.novacybersecurity.com PENTEST VoIP & Web Pentest Services VoIP & WEB Penetration Testing The Experinced and National VoIP/Unified Communications R&D organization, NETAŞ NOVA Pentest Services test the applications, infrastructure

More information

BlackRidge Technology Transport Access Control: Overview

BlackRidge Technology Transport Access Control: Overview 2011 BlackRidge Technology Transport Access Control: Overview 1 Introduction Enterprises and government agencies are under repeated cyber attack. Attacks range in scope from distributed denial of service

More information

VoIP Security. Customer Best Practices Guide. August 2015. 2015 IntelePeer

VoIP Security. Customer Best Practices Guide. August 2015. 2015 IntelePeer VoIP Security Customer Best Practices Guide August 2015 2015 IntelePeer Contents Contents... 2 Getting Started... 3 Pre-Deployment Considerations... 3 Preparation Check-List... 3 Common Security Threats...

More information

Cisco ASA 5500 Series Unified Communications Deployments

Cisco ASA 5500 Series Unified Communications Deployments 5500 Series Unified Communications Deployments Cisco Unified Communications Solutions unify voice, video, data, and mobile applications on fixed and mobile networks, enabling easy collaboration every time,

More information

Oracle s Unified Communications Infrastructure Solution. Delivering Secure, Reliable, and Scalable Unified Communications Services

Oracle s Unified Communications Infrastructure Solution. Delivering Secure, Reliable, and Scalable Unified Communications Services Oracle s Unified Communications Infrastructure Solution Delivering Secure, Reliable, and Scalable Unified Communications Services Oracle s UC infrastructure solution combines tightly coupled session management,

More information

VoIP Security Challenges: 25 Ways to Secure your VoIP Network from Versign Security, Dec 01, 2006

VoIP Security Challenges: 25 Ways to Secure your VoIP Network from Versign Security, Dec 01, 2006 VoIP Security Challenges: 25 Ways to Secure your VoIP Network from Versign Security, Dec 01, 2006 VoIP technology has the tech geeks buzzing. It has been touted as: - the killer of telecoms - a solution

More information

FIGHTING FRAUD ON 4G. Neutralising threats in the LTE ecosystem

FIGHTING FRAUD ON 4G. Neutralising threats in the LTE ecosystem FIGHTING FRAUD ON 4G Neutralising threats in the LTE ecosystem TABLE OF CONTENTS Introduction...3 New and Old Vulnerabilities...4 Identity Management...5 A Unified Response...6 Data Mining...7 An Evolving

More information

Security Features and Considerations

Security Features and Considerations Securing the Unified Communications Enabled Enterprise Integrated communications systems are inherently more secure than traditional standalone phone and messaging systems. Business Communications Challenges

More information

Building the Lync Security Eco System in the Cloud Fact Sheet.

Building the Lync Security Eco System in the Cloud Fact Sheet. Building the Lync Security Eco System in the Cloud Fact Sheet. [Type text] The need to secure all entries to the fastest growing Unified Communication application (UC) and allow for complete inter-operability

More information

White paper. Phishing, Vishing and Smishing: Old Threats Present New Risks

White paper. Phishing, Vishing and Smishing: Old Threats Present New Risks White paper Phishing, Vishing and Smishing: Old Threats Present New Risks How much do you really know about phishing, vishing and smishing? Phishing, vishing, and smishing are not new threats. They have

More information

INTRUSION PREVENTION (IPS) Features SECURITY OF INFORMATION TECHNOLOGIES

INTRUSION PREVENTION (IPS) Features SECURITY OF INFORMATION TECHNOLOGIES INTRUSION PREVENTION (IPS) Features SECURITY OF INFORMATION TECHNOLOGIES The way the Internet is used evolves rapidly all the time. Where traffic was once limited to the exchange of multimedia, today it

More information

Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs

Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs IBM Global Technology Services Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs Achieving a secure government

More information

Preparing VoIP and Unified Communications Systems for IPv6 Technical Summary September 2014

Preparing VoIP and Unified Communications Systems for IPv6 Technical Summary September 2014 Preparing VoIP and Unified Communications Systems for IPv6 Technical Summary September 2014 [Type text] As the limited number of remaining IPv4 addresses are allocated to ISPs, it is becoming increasingly

More information

McAfee Endpoint Protection for SMB. You grow your business. We keep it secure.

McAfee Endpoint Protection for SMB. You grow your business. We keep it secure. McAfee Endpoint Protection for SMB You grow your business. We keep it secure. Big Protection for Small to Medium-Sized Businesses With the Internet and connected devices now an integral part of your business,

More information

SPAM over Internet Telephony (SPIT) und Abwehrmöglichkeiten

SPAM over Internet Telephony (SPIT) und Abwehrmöglichkeiten Zukunft der Netze, 20.03.2009 SPAM over Internet Telephony (SPIT) und Abwehrmöglichkeiten Dirk Hoffstadt (Uni Duisburg-Essen) Christoph Sorge (NEC) Yacine Rebahi (Fraunhofer FOKUS) Outline Introduction

More information

Kommunikationsdienste im Internet Möglichkeiten und Risiken

Kommunikationsdienste im Internet Möglichkeiten und Risiken Die Zukunft der Kommunikationsdienste im Internet Möglichkeiten und Risiken Erwin P. Rathgeb Technik der Rechnernetze, Universität Duisburg-Essen Jochen Kögel, Marc Barisch IKR, Universität Stuttgart Steffen

More information

Voice over Internet Protocol (VOIP) By: Ahmed Said Mahmoud 2004-3-167 Supervisor: Prof.Dr. Shawkat K.Guirguis

Voice over Internet Protocol (VOIP) By: Ahmed Said Mahmoud 2004-3-167 Supervisor: Prof.Dr. Shawkat K.Guirguis Alexandria University Institute of Graduate Studies and Research Department of Information Technology. Voice over Internet Protocol (VOIP) By: Ahmed Said Mahmoud 2004-3-167 Supervisor: Prof.Dr. Shawkat

More information

IBM QRadar Security Intelligence April 2013

IBM QRadar Security Intelligence April 2013 IBM QRadar Security Intelligence April 2013 1 2012 IBM Corporation Today s Challenges 2 Organizations Need an Intelligent View into Their Security Posture 3 What is Security Intelligence? Security Intelligence

More information

Oracle s Solution for Secure Remote Workers. Providing Protected Access to Enterprise Communications

Oracle s Solution for Secure Remote Workers. Providing Protected Access to Enterprise Communications Oracle s Solution for Secure Remote Workers Providing Protected Access to Enterprise Communications Our forecast shows that the worldwide mobile worker population will increase to more than 1.3 billion

More information

SecureLogix Syslog Alert Tool

SecureLogix Syslog Alert Tool SecureLogix Syslog Alert Tool V1.0 User Guide Compatible with ETM System 6.1 or Later DOC-S A T -ETM710-2013-0531 About SecureLogix SecureLogix, a Gartner designated Cool Vendor is the leader in enterprise

More information

2015 CENTRI Data Breach Report:

2015 CENTRI Data Breach Report: INDUSTRY REPORT 2015 CENTRI Data Breach Report: An Analysis of Enterprise Data Breaches & How to Mitigate Their Impact P r o t e c t y o u r d a t a Introduction This industry report attempts to answer

More information

Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime

Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime sponsored by Introduction

More information

V1.4. Spambrella Email Continuity SaaS. August 2

V1.4. Spambrella Email Continuity SaaS. August 2 V1.4 August 2 Spambrella Email Continuity SaaS Easy to implement, manage and use, Message Continuity is a scalable, reliable and secure service with no set-up fees. Built on a highly reliable and scalable

More information

Securing Unified Communications for Healthcare

Securing Unified Communications for Healthcare Securing Unified Communications for Healthcare Table of Contents Securing UC A Unique Process... 2 Fundamental Components of a Healthcare UC Security Architecture... 3 Making Unified Communications Secure

More information

VoIP: The Evolving Solution and the Evolving Threat. Copyright 2004 Internet Security Systems, Inc. All rights reserved worldwide

VoIP: The Evolving Solution and the Evolving Threat. Copyright 2004 Internet Security Systems, Inc. All rights reserved worldwide VoIP: The Evolving Solution and the Evolving Threat Copyright 2004 Internet Security Systems, Inc. All rights reserved worldwide VoIP: The Evolving Solution and the Evolving Threat An ISS Whitepaper 2

More information

Installation Certification Program. Deployment of the ETM System

Installation Certification Program. Deployment of the ETM System Installation Certification Program for Deployment of the ETM System March 2010 Prepared by: SecureLogix 13750 San Pedro Ave., Suite 820 78232 (210) 402-9669 (210) 402-6996 (Fax) TABLE OF CONTENTS 1.0 OVERVIEW...

More information

VOIP Attacks On The Rise

VOIP Attacks On The Rise VOIP Attacks On The Rise Voice over IP (VoIP) infrastructure has become more susceptible to cyber-attack due to the proliferation of both its use and the tools that can be used for malicious purposes.

More information

DETECTING THE ENEMY INSIDE THE NETWORK. How Tough Is It to Deal with APTs?

DETECTING THE ENEMY INSIDE THE NETWORK. How Tough Is It to Deal with APTs? A Special Primer on APTs DETECTING THE ENEMY INSIDE THE NETWORK How Tough Is It to Deal with APTs? What are APTs or targeted attacks? Human weaknesses include the susceptibility of employees to social

More information

Next Generation. VoIP Application Firewall. www.novacybersecurity.com

Next Generation. VoIP Application Firewall. www.novacybersecurity.com Next Generation VoIP Application Firewall Are you aware that you are vulnerable to all threats on the Internet? With increasing voice and video transmission over IP and emerging new technologies such as

More information

Managing for the Long Term: Keys to Securing, Troubleshooting and Monitoring a Private Cloud

Managing for the Long Term: Keys to Securing, Troubleshooting and Monitoring a Private Cloud Deploying and Managing Private Clouds The Essentials Series Managing for the Long Term: Keys to Securing, Troubleshooting and Monitoring a Private Cloud sponsored by Managing for the Long Term: Keys to

More information

Enumerating and Breaking VoIP

Enumerating and Breaking VoIP Enumerating and Breaking VoIP Introduction Voice over Internet Protocol (VoIP) has seen rapid implementation over the past few years. Most of the organizations which have implemented VoIP are either unaware

More information

White Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act

White Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK With organizations rushing to adopt Voice over IP (VoIP) technology to cut costs and integrate applications designed to serve customers better,

More information

10 Things Every Web Application Firewall Should Provide Share this ebook

10 Things Every Web Application Firewall Should Provide Share this ebook The Future of Web Security 10 Things Every Web Application Firewall Should Provide Contents THE FUTURE OF WEB SECURITY EBOOK SECTION 1: The Future of Web Security SECTION 2: Why Traditional Network Security

More information

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS CONTENTS PAGE RECONNAISSANCE STAGE 4 INCURSION STAGE 5 DISCOVERY STAGE 6 CAPTURE STAGE 7 EXFILTRATION STAGE

More information

SIP Trunking Configuration with

SIP Trunking Configuration with SIP Trunking Configuration with Microsoft Office Communication Server 2007 R2 A Dell Technical White Paper End-to-End Solutions Team Dell Product Group - Enterprise THIS WHITE PAPER IS FOR INFORMATIONAL

More information

SIP Trunking DEEP DIVE: The Service Provider

SIP Trunking DEEP DIVE: The Service Provider SIP Trunking DEEP DIVE: The Service Provider Larry Keefer, AT&T Consulting UC Practice Director August 12, 2014 2014 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T

More information

Symantec Messaging Gateway powered by Brightmail

Symantec Messaging Gateway powered by Brightmail The first name in messaging security powered by Brightmail Overview, delivers inbound and outbound messaging security, with effective and accurate real-time antispam and antivirus protection, advanced

More information

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

2. From a control perspective, the PRIMARY objective of classifying information assets is to: MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected

More information

Cisco Virtual Office Unified Contact Center Architecture

Cisco Virtual Office Unified Contact Center Architecture Guide Cisco Virtual Office Unified Contact Center Architecture Contents Scope of Document... 1 Introduction... 1 Platforms and Images... 2 Deployment Options for Cisco Unified Contact Center with Cisco

More information

Countering Insider Threats Jeremy Ho

Countering Insider Threats Jeremy Ho Countering Insider Threats Jeremy Ho Strategic Sales Group (ASEAN) 1 CONFIDENTIAL Key Challenges Impacting Organization Today REGULATORY COMPLIANCE Rising Data Volumes Changing Requirements Prioritization

More information

Best Practices for Securing IP Telephony

Best Practices for Securing IP Telephony Best Practices for Securing IP Telephony Irwin Lazar, CISSP Senior Analyst Burton Group Agenda VoIP overview VoIP risks Mitigation strategies Recommendations VoIP Overview Hosted by VoIP Functional Diagram

More information

Firewalls, Tunnels, and Network Intrusion Detection

Firewalls, Tunnels, and Network Intrusion Detection Firewalls, Tunnels, and Network Intrusion Detection 1 Part 1: Firewall as a Technique to create a virtual security wall separating your organization from the wild west of the public internet 2 1 Firewalls

More information

TELECOM FRAUD CALL SCENARIOS

TELECOM FRAUD CALL SCENARIOS TELECOM FRAUD CALL SCENARIOS Contents Introduction to Telecom Fraud... 2 Three Major Categories of Telecom Fraud... 2 Premium Rate Numbers... 2 Traffic Pumping Schemes... 2 Call Forwarding Fraud... 3 Multiple

More information

IBM Smarter Cities Cybersecurity Update

IBM Smarter Cities Cybersecurity Update IBM Smarter Cities Cybersecurity Update October 2012 Kent Blossom, Vice President, IBM Security Solutions kblossom@us.ibm.com 1 Discussion Topics IBM Security Systems Evolving Client Priorities & Approaches

More information

Voice over IP Security

Voice over IP Security Voice over IP Security Patrick Park Cisco Press Cisco Press 800 East 96th Street Indianapolis, Indiana 46240 USA vii Contents Introduction xvii Part I VoIP Security Fundamentals 3 Chapter 1 Working with

More information

Solution Review: Siemens Enterprise Communications OpenScape Session Border Controller

Solution Review: Siemens Enterprise Communications OpenScape Session Border Controller Solution Review: Siemens Enterprise Communications OpenScape Session Border Controller Russell Bennett UC Insights www.ucinsights.com russell@ucinsights.com Introduction Those familiar with unified communications

More information

PROTECTING YOUR CALL CENTERS AGAINST PHONE FRAUD & SOCIAL ENGINEERING A WHITEPAPER BY PINDROP SECURITY

PROTECTING YOUR CALL CENTERS AGAINST PHONE FRAUD & SOCIAL ENGINEERING A WHITEPAPER BY PINDROP SECURITY PROTECTING YOUR CALL CENTERS AGAINST PHONE FRAUD & SOCIAL ENGINEERING A WHITEPAPER BY PINDROP SECURITY TABLE OF CONTENTS Executive Summary... 3 The Evolution of Bank Theft... Phone Channel Vulnerabilities

More information

Stop advanced targeted attacks, identify high risk users and control Insider Threats

Stop advanced targeted attacks, identify high risk users and control Insider Threats TRITON AP-EMAIL Stop advanced targeted attacks, identify high risk users and control Insider Threats From socially engineered lures to targeted phishing, most large cyberattacks begin with email. As these

More information

Ron Shuck, CISSP, CISM, CISA, GCIA Infrastructure Security Architect Spirit AeroSystems

Ron Shuck, CISSP, CISM, CISA, GCIA Infrastructure Security Architect Spirit AeroSystems Ron Shuck, CISSP, CISM, CISA, GCIA Infrastructure Security Architect Spirit AeroSystems VOIP Components Common Threats How Threats are Used Future Trends Provides basic network connectivity and transport

More information

Acceptable Use Policy

Acceptable Use Policy Acceptable Use Policy Contents 1. Internet Abuse... 2 2. Bulk Commercial E-Mail... 2 3. Unsolicited E-Mail... 3 4. Vulnerability Testing... 3 5. Newsgroup, Chat Forums, Other Networks... 3 6. Offensive

More information

VoIP Security regarding the Open Source Software Asterisk

VoIP Security regarding the Open Source Software Asterisk Cybernetics and Information Technologies, Systems and Applications (CITSA) 2008 VoIP Security regarding the Open Source Software Asterisk Prof. Dr.-Ing. Kai-Oliver Detken Company: DECOIT GmbH URL: http://www.decoit.de

More information

Networking for Caribbean Development

Networking for Caribbean Development Networking for Caribbean Development BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n o g. o r g N E T W O R K I N G F O R C A R I B B E A N D E V E L O P M E N T BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n

More information

SIP Security Controllers. Product Overview

SIP Security Controllers. Product Overview SIP Security Controllers Product Overview Document Version: V1.1 Date: October 2008 1. Introduction UM Labs have developed a range of perimeter security gateways for VoIP and other applications running

More information

Session Border Controllers in Enterprise

Session Border Controllers in Enterprise A Light Reading Webinar Session Border Controllers in Enterprise Thursday, October 7, 2010 Hosted by Jim Hodges Senior Analyst Heavy Reading Sponsored by: Speakers Natasha Tamaskar VP Product Marketing

More information

Cisco on Cisco Best Practice Security Practices for Online Collaboration and Social Media

Cisco on Cisco Best Practice Security Practices for Online Collaboration and Social Media January 2012 Cisco on Cisco Best Practice Security Practices for Online Collaboration and Social Media January 2012 All contents are Copyright 1992 2012 Cisco Systems, Inc. All rights reserved. This document

More information

6 Steps to SIP trunking security. How securing your network secures your phone lines.

6 Steps to SIP trunking security. How securing your network secures your phone lines. 6 Steps to SIP trunking security How securing your network secures your phone lines. The myths about SIP trunking can be misleading. There are stories that SIP has set off a cyber crime wave of corporate

More information

NEW!!! Industry s only Comprehensive VoIP Security Boot Camp

NEW!!! Industry s only Comprehensive VoIP Security Boot Camp NEW!!! Industry s only Comprehensive VoIP Security Boot Camp IP 3, Inc. the nation s leading trainer for Securing Emerging Technologies has partnered with Salare Security to launch one of the most intense

More information

Voice over IP (VoIP) Vulnerabilities

Voice over IP (VoIP) Vulnerabilities Voice over IP (VoIP) Vulnerabilities The Technical Presentation Diane Davidowicz NOAA Computer Incident Response Team N-CIRT diane.davidowicz@noaa.gov "Security problems in state of the art IP-Telephony

More information

RSA Security Analytics

RSA Security Analytics RSA Security Analytics This is what SIEM was Meant to Be 1 The Original Intent of SIEM Single compliance & security interface Compliance yes, but security? Analyze & prioritize alerts across various sources

More information

Footprinting. Vendor press releases and case studies Resumes of VoIP personnel Mailing lists and user group postings Web-based VoIP logins

Footprinting. Vendor press releases and case studies Resumes of VoIP personnel Mailing lists and user group postings Web-based VoIP logins Voice Over IP Security Mark D. Collier Chief Technology Officer SecureLogix Corporation mark.collier@securelogix.com www.securelogix.com www.voipsecurityblog.com Outline Outline Introduction Attacking

More information

Today's security needs in networking

Today's security needs in networking Today's security needs in networking Besoins actuels de la sécurité réseau European partner summit Thursday, October 13, 2005 Hervé Schauer Hervé Schauer Agenda Firewalls Liability

More information

Cloud Based Secure Web Gateway

Cloud Based Secure Web Gateway Cloud Based Secure Web Gateway DR160203 March 2016 Miercom www.miercom.com Contents Executive Summary... 3 Introduction... 4 Product Tested... 4 Test Focus... 4 How We Did It... 5 Test Bed Setup... 5 Test

More information

10 Key Things Your VoIP Firewall Should Do. When voice joins applications and data on your network

10 Key Things Your VoIP Firewall Should Do. When voice joins applications and data on your network 10 Key Things Your Firewall Should Do When voice joins applications and data on your network Table of Contents Making the Move to 3 10 Key Things 1 Security is More Than Physical 4 2 Priority Means Clarity

More information