Page 1: Joel Maloff Phone.com jmaloff@phone.com February, 2012.


Setting the Stage for Security

SIP is a protocol incorporated into various service offerings.

Unified Communications is a concept that incorporates various communications functions into a single approach.

Ensuring the security of our communications, especially given the proliferation of the cloud, is more important than ever!

Security is STILL an Issue – Even for the Big Guys!

ESG (Enterprise Strategy Group) Research surveyed large enterprises (2011) and found the following:
• 20% are certain that they have been the target of an Advanced Persistent Threat (APT); 39% believe that they have likely been targeted.
• Unfortunately, many of these felt inadequately prepared to respond!

Security is STILL an Issue – Even for the Big Guys!

• 32% - lack of security forensic skills
• 29% - lack of technical skills in incident response team
• 26% - inadequate ability to gather relevant information
• 26% - lack of executive management buy-in to incident response policies and procedures
• 25% - lack of integration between the incident response and legal team
• 23% - lack of a formal external communication plan
• 23% - lack of a formal internal communication plan

If companies of 1000+ employees have these issues, where does that leave the smaller organizations?

Source: http://www.networkworld.com/community/blog/2012-year-incident-response

Some of the Challenges

Unified Communications is more than just voice.
• Document exchange
• Archival and auditing for compliance with regulatory and legal statutes
• Platform-specific attacks

Some of the Challenges

• Eavesdropping on VoIP, IM
• Hacking IP or soft phones to remotely activate them as an eavesdropping attack vector
• Toll Fraud
• Denial of Service Attacks

Addressing the Challenges

SIP and UC are part of the business information infrastructure.
• They must be incorporated into the existing information systems security policies and procedures.
• Documented policies and procedures with regular review are essential for minimizing the impact of security vulnerabilities.
• Vendors and service providers can help, but they are not responsible for your security plan – you are!

Addressing the Challenges

IP phones are NOT phones as in the past – they are network-enabled computers and must be treated as such!

Firewalls, SBCs, ACLs, VLANs, authentication, encryption, and IDS/IPS are all tools that are to be deployed as part of a coherent PLAN – they are not themselves strategies or policies!

Security requires perpetual vigilance.
• Penetration testing is invaluable.
