Joel Maloff Phone.com [email protected] February, 2012

SIP, UC, and Security


Page 1: SIP, UC, and Security

Joel Maloff

Phone.com

[email protected]

February, 2012

Page 2: SIP, UC, and Security

Setting the Stage for Security

SIP is a protocol incorporated into various service offerings.

Unified Communications is a concept that incorporates various communications functions into a single approach.

Ensuring the security of our communications, especially given the proliferation of the cloud, is more important than ever!

Page 3: SIP, UC, and Security

Security is STILL an Issue – Even for the Big Guys!

ESG (Enterprise Strategy Group) Research surveyed large enterprises (2011) and found the following:

• 20% are certain that they have been the target of an Advanced Persistent Threat (APT); 39% believe that they have likely been targeted.
• Unfortunately, many of these felt inadequately prepared to respond!

Page 4: SIP, UC, and Security

Security is STILL an Issue – Even for the Big Guys!

• 32% - lack of security forensic skills
• 29% - lack of technical skills in incident response team
• 26% - inadequate ability to gather relevant information
• 26% - lack of executive management buy-in to incident response policies and procedures
• 25% - lack of integration between the incident response and legal team
• 23% - lack of a formal external communication plan
• 23% - lack of a formal internal communication plan

If companies of 1000+ employees have these issues, where does that leave the smaller organizations?

Source: http://www.networkworld.com/community/blog/2012-year-incident-response

Page 5: SIP, UC, and Security

Some of the Challenges

Unified Communications is more than just voice.

• Document exchange
• Archival and auditing for compliance with regulatory and legal statutes
• Platform-specific attacks

Page 6: SIP, UC, and Security

Some of the Challenges

• Eavesdropping on VoIP, IM
• Hacking IP or soft phones to remotely activate them as an eavesdropping attack vector
• Toll Fraud
• Denial of Service Attacks

Page 7: SIP, UC, and Security

Addressing the Challenges

SIP and UC are part of the business information infrastructure.

• They must be incorporated into the existing information systems security policies and procedures.
• Documented policies and procedures with regular review are essential for minimizing the impact of security vulnerabilities.
• Vendors and service providers can help, but they are not responsible for your security plan – you are!

Page 8: SIP, UC, and Security

Addressing the Challenges

IP phones are NOT phones as in the past – they are network-enabled computers and must be treated as such!

Firewalls, SBCs, ACLs, VLANs, authentication, encryption, and IDS/IPS are all tools that are to be deployed as part of a coherent PLAN – they are not themselves strategies or policies!

Security requires perpetual vigilance.

• Penetration testing is invaluable.
