In this global information age, the power of early access to information by perpetrators through malicious means often is a pre-cursor to more sophisticated illegitimate activities such as insider trading activities, leakage of sensitive information, stealing of company trade secrets, industry espionage or press tabloid materials as in the above case.

The growing prominence of IP- based communication networks and applications are empowering the user with ubiquitous instant-on connectivity, communications and collaboration with any person from any device, any location and at any time. This powerful user experience was never possible before and is now achievable through all pervasive and standard based IP networks. As a result, the conventional definition of perimeter security defense no longer exists. Any weakest link in the end-2-end communication leg can now effectively become the prima facie point for perpetrators to conduct malicious activities.

The stakeholders must understand that securing IP based communication networks and applications present unique security challenges that are vastly different and much stringent when compared to securing data applications – requiring near- zero false-positives and negatives, possessing deep understanding of call control (and services) stacks, device tracking, user/  application analytics, firewall capabilities possessing deep understanding of voice/video and UC protocols. The pervasiveness of IP-based communication networks makes it just much easier now to carry the hacking activities – wiretapping into conversations, brute force crawling and identifications of legal usernames/ extensions, illegitimate call pattern tracking, interception/rerouting of call traffic to hacker locations, presence tracking, stealing confidential voice messages from specific individuals (or extensions) are just few examples of security threats that can plague VOIP/UC networks if proper security measures are not enforced.

RedShift Networks honey pot research conducted over several months has indicated several threat vectors open in the wild today ranging from Voice/UC Denial-of-Service (VDOS/UC-DOS) attacks, SPAM over Internet Telephony (SPIT) attacks, Eavesdropping, Spoofing, Number Harvesting, Protocol Fuzzing, Toll Fraud, SQL Injections, Media tampering and a myriad of UC Infrastructure and Application layer threats. All these new threat vectors go completely undetected using existing protective solutions. Gartner in their recent study strongly recommend the use of SIP-aware Firewalls to protect your communication networks. For more information about RedShift Networks, products and services, please visit www.redshiftnetworks.com.

Ref — http://news.yahoo.com/uk-soldiers-targeted-murdoch-phone-hacking-scandal-report-030337129.html

Redshift Networks

The Red Herring editorial team selected the most innovative companies from a pool of hundreds from across North America. The nominees are evaluated on both quantitative and qualitative criteria, such as financial performance, technology innovation, quality of management, execution of strategy, and integration into their respective industries.

This unique assessment of potential is complemented by a review of the actual track record and standing of a company, which allows Red Herring to see past the “buzz” and make the list an valuable instrument for discovering and advocating the greatest business opportunities in the industry.

“This year was very rewarding,” said Alex Vieux, publisher and CEO of Red Herring. “The global economic situation has abated and there are many great companies producing really innovative and amazing products. We had a very difficult time narrowing the pool and selecting the finalists. Redshift Networks shows great promise therefore deserves to be among the Finalists. Now we’re faced with the difficult task of selecting the Top 100 winners of Red Herring North America. We know that the 2011 crop will grow into some amazing companies that are sure to make an impact.”

Finalists for the 2011 edition of the Red Herring 100 North America award are selected based upon their technological innovation, management strength, market size, investor record, customer acquisition, and financial health. During the several months leading up to the announcement, hundreds of companies in the telecommunications, security, Web 2.0, software, hardware, biotech, mobile and other industries completed their submissions to qualify for the award.

The Finalists are invited to present their winning strategies at the Red Herring North America Forum in Hollywood, California, June 13-15, 2011. The Top 100 winners will be announced at a special awards ceremony the evening of June 15 at the event.

With the growing adoption of VOIP technologies, ubiquitous connectivity, sophisticated online betting (and trading) algorithms, a sub micro second delay can result in enough perturbations to cause severe losses!!

The scary part is that there is no adequate security solution in the market today to adequately combat this threat. Traditional rate based controls that Session Border Controllers (SBC) provide are good in detecting DOS attacks when there is a sudden upsurge in malicious traffic coming from a specific IP source. However, a side-channel attack is infinitely more subtle, as it adds just enough nuisance packets to a legitimate data stream to slow the data just enough to give someone else a chance to move first in the market. And these attacks can be simultaneously triggered from multiple random source locations making the detection even much harder.

What is need is pretty much a self-guided learning and mitigation system that automatically figures out such nuisance traffic in real time; no matter where it comes from, what packet granularity it may arrive in or at what rate it comes in; thwart it, blacklist the offending source locations while allowing legitimate business traffic to operate uninterrupted at mission critical latencies. This will be the true utopia security solution required to protect such high frequency trading networks against these attacks.

Ref — http://www.infoworld.com/d/the-industry-standard/hackers-find-new-way-cheat-wall-street-everyones-peril-699?source=IFWNLE_nlt_daily_2011-01-06

This has tremendous security implications. Suppose that they were not listening or looking for ‘dirt’ but listening to sensitive information related to National Security for the United Kingdom and their allies. This was carried out by a bunch of journalists who are amateurs in this ‘hacking’ environment. Supposed this was carried out more sophisticated elements of any government or any industrial espionage ring or even criminal or terrorist elements. Imagine the implications of this. All of this occurred because the phone and voicemail edi the Unified Communications and Collaborations were not secured properly.

That’s why it is so vital to comprehensively secure these Voice and Video environments – Unified Communications & Collaborations application and networks MUST be secure!!

In this posting, we talk about VOIP/UC network Botnet scanning and discovery based attacks being on the rise. The specific attacks happened in one of the major VOIP provider and this makes it very interesting. The SIP provides OPTIONS methods that allow a User Agent (UA) to query another UA or a proxy server as to its capabilities. This allows a client to discover information about the supported methods, content types, extensions, codecs, etc. without “ringing” the other party. All UAs MUST support the OPTIONS method.

Unfortunately, this also provides base for attackers to probe the network and find out more details on the internal VOIP/UC network topology, endpoints, server IPs, valid usernames or extensions etc. The attacker studies the responses from methods such as SIP OPTIONS, REGISTER or INVITE methods to make some pretty good guesses on valid extensions, usernames or server IPs etc. This often is a precursor to more sophisticated attacks such as Toll Fraud attacks, eavesdropping, message stealing, stealth DOS attacks on specific user extensions, War Dialing and SPAM attacks.

The scary part is that there are lot of publicly available tools that can quickly brute force and automate the generation of such requests and provide a list of valid usernames, extensions, user credentials, server names, IPs etc. Preventing such attacks without employing a sophisticated UC stateful and protection device is very difficult. It is very hard to shield UC/VOIP services that by their very nature need to be exposed to a certain extent.

Unfortunately enterprises and carriers that have Unified Communication & Collaboration solutions and applications can’t detect these attacks; The current generation of security solutions are not adequate enough to provide protection or trace these new security threats.
We saw a major VOIP provider get attacked from outside the US. This attack was an attempt to penetrate the core Unified Communication & Collaboration Servers, which would allow them to get access to the VOIP provider customer internal network and topology. VOIP providers have both enterprise and residential customers edi. The hackers were trying to get to their customers. The customers have rich information they can access and steal. The hackers are also using software that is readily available on the internet to generate these attacks which is even worse!!

What’s interesting here is that these kinds of attacks are happening all the time. If only people know that it’s actually happening it would be very helpful. Enterprises need to protect themselves and can’t be caught flat-footed. Don’t allow yourself to suffer the consequences of such attacks. There are several such security threats in the UC/VOIP realm that can shut down your business!! Pls. visit www.redshiftnetworks.com to learn more about them.

There’s a lot of information around the network around this topic; surprisingly one using very simple scanning and discovery tools can find lot of information about companies that otherwise should never be disclosed. Most often, this is due to poor security controls being placed on information disclosure.

Do you know what information is available on the internet about your UC&C Infrastructure? Do you know if anybody can reconfigure your telephone from internet?

So, I started googling the web in search for specific information about edi UC&C infrastructures using some standard keywords as listed below. The results are very alarming and show that several UC&C internal networks and systems are publicly visible on the internet with very little security controls. Typical results ranged from absolutely no security enforcements being placed to limited security that uses default vendor published passwords that are easy for anyone to guess.

Here are few such examples:

(I) Information Disclosure on a Cisco Unified Call Manager on a public IP.

(II) Information Disclosure on Cisco UC&C Devices available from VOIP Scanning

(III) Information disclosure on Sipura SPA SIP Configuration

(IV) Information Disclosure on Grandstream Device Configuration

(V) Information Disclosure on Polycom Sound IP Configuration Utility

These are just few such examples of Information Disclosure on UC&C networks and server configurations that can be available from the internet. Most often, Information disclosure and discovery based attacks the pre-cursors to more target and sophisticated attacks such as Toll Frauds, DOS, Service Abuse or stealing etc. The few examples in this document provide one of the several threat categories that can affect your UC&C networks and systems — “Information Disclosure” category.

It is therefore important to establish a right security posture, methodologies and protection to your core UC&C network, assets and systems.

This blog is meant to address the growing concern of security threats and attacks around Unified Communications, Collaboration and video/voice web-based applications.

Unified Communications & Collaboration applications are growing at a feverish pace with global companies like Cisco, Microsoft, IBM, Avaya, Polycom and many others, in the networking, application and communications space targeting the market. Enterprises, large, medium and small, are all embracing the power of this new interconnected world where voice, data and video networks are merged, and the traditional definition of enterprises and trusted silos are broken down daily.
With the daily advent of new fixed and mobile endpoint technologies, like the IPAD, the Android or IPhone smartphone, and cloud based networks and systems, to interconnect enterprises with their customers, with their partners and their own employees, the need to protect these networks from the on slaughter of attacks, threats and vulnerabilities is critical.

The Unified Communications & Collaboration realm is defined around real-time communications like: VOIP, Video Conferencing, Unified Messaging, Contact Center/Call Center applications, IVR & ACD systems, Presence, Collaboration, and a myriad of other communication applications. Some analysts have estimated that this market will grow to become a $35B market by 2013. Others have estimated a faster growth pace especially as global enterprises aggressively move towards reducing costs structures using these technologies to innovate and become more productive.

The security market around this technology is estimated to grow feverishly alongside the growth of UC & Collaborations market. RedShift estimates that this market will become a $1.7B by 2013.

We shall also be addressing the concerns around Voice/Video web-based applications.

As we all know security is not only about threats, attacks and vulnerabilities. Security is about setting the right policies inside the enterprise and giving the network managers enough information and visibility so that he/she can make an educated decision on how best to run the enterprise.
We believe that the current security model is flawed and has tremendous amount of holes. We can see this by the increase of attacks in the last couple of years – attacks have increased 50% year to year. “Best-of-breed’ solutions have given way to open source based solutions which we believe perpetuate the problem.
We, at RedShift Networks, have invited a set of luminaries from the global Information technology market to write about this general topic.

The goal of the blog is both to educated and exchange ideas.
I invite you to read this blog.