Today crackers -- malevolent hackers -- almost always take a page from Willie Sutton's book and go where the money is. This wasn't the case a few years ago. At that time, many folks tried to breach systems to make political points or purely for sport-to prove they could do it-as well as to make money.
During the past few years, however, organized crime has taken control and viruses, phishing and the rest have gone corporate. To a great extent, unified communications and its main building block, VoIP, now are the places where the money is and, therefore, are of growing interest to the dark side. Traditional data networks are better protected than in the past, so it makes increasing sense to attack "low-hanging fruit" -- poorly protected systems that essentially are waiting to be compromised -- in the VoIP sector.
McAfee Labs has released a white paper summarized in this InfoSecurity piece detailing the growth of threats to VoIP. The story, which has a link to the report, says McAfee found that the number of known VoIP vulnerabilities has grown from less than 20 in 2006 to almost 60 now. Like a rise in disease rates, the increase in part can be attributed to better detection, the story notes. But the lion's share of the increase, no doubt, is the result of more attention by the bad guys.
A part of the report looks at various vendors, something planners should pay special attention to. InfoSecurity reports that vulnerabilities found in Cisco's gear has outpaced those in equipment from Nortel and Avaya by a factor of five, though the report offers no explanation for the difference.
The fuller focus of crackers on IP voice gives rise to a collection of problems that are a combination of familiar data and new VoIP-specific exploits. This CompTIA article explains what IT departments are facing. New threats include spam over Internet telephony (SPIT), eavesdropping, VoIP-focused phishing, Session Initiation Protocol (SIP) registration hijacking and spoofing. The story provides a good explanation of each of these problems.
TMC tackles the issue with a story and related video, which both focus on protecting the security of SIP. The story counsels IT departments to treat IP PBXes as mission-critical servers, use deep packet inspection (DPI), denial-of-service (DoS) protection and other best practices. A link to the video is provided in the story.
As far as security is concerned, VoIP and wireless are in the same boat. Of course, the disciplines overlap in practice. In the bigger picture, both have been around for a while, but only have risen to superstar status relatively recently. Thus, they only now are moving firmly into the crosshairs of crackers and other criminals. IT departments must take steps to ensure that their systems are secure before the crooks arrive.