A month ago I gave a list of different “features” that might be stacked up in what we call VoIP security. It turns out that just a day earlier, BusinessWeek reported about a new study of net vulnerabilities. I’d like to go over some of the key findings in this report from a VoIP perspective.
That’s how you do it!
Applications and not operating systems are the risk
It seems like operating systems are being targeted less and applications more:
“The analysts found that the biggest risk facing most systems is unpatched vulnerabilities in applications and that applications, not operating systems, have become the primary target of attack”.
As VoIP is always considered an application on top of the operating system, and not really a part of the operating system, hackers are more likely to go after VoIP on the application level than from a pure network level.
I would say that the main area of attack will be the VoIP protocol itself, trying to inject malformed/malicious messages for one purpose or another; or trying to hack into the application to gain access to user related information.
Vulnerabilities in applications running on web servers
Server-side hacking happens more than client-side hacking:
“Dealing with vulnerabilities in applications running on Web servers. The survey found that Web server-side applications are the target of more than 60% of all Internet attacks…”
My take? If you are building a server, you should be more careful with your code than with a client. It’s quite obvious – there’s more to gain by hacking or crashing a large server than a single user.
This also indicates that those pursuing “cloud communication” should deal with VoIP security threats from day one and not leave it for the last minute.
Don’t neglect security
I’d say that my take away here is: when it comes to VoIP, don’t neglect security. Bear in mind that it’s not just about user privacy, but the whole application’s security we’re dealing with here: Secure RTP, TLS or H.235 are irrelevant in this case; It’s the way you code and test your application that matters.
Tags: BusinessWeek, cloud communication, H.235, internet, Operating system, Privacy, Protocol, report, Security, servers, SRTP, TLS, VoIP, Vulnerability
Trackback this post | Subscribe to the comments via RSS Feed