SANS Top 20 Internet Security Attack Target List for 2006 includes VoIP for the first time
Today SANS announced the 2006 version of their annual “Top-20 Internet Security Attack Targets” and for the first time, VoIP is included as one of the threats. It was listed as N1:
N1.1 Description
VoIP technology has seen rapid adoption during the past year. At the same time, there has been an increase in security scrutiny of typical components of a VoIP network such as the call proxy and media servers and the VoIP phones themselves. Various products such as Cisco Unified Call Manager , Asterisk and a number of VoIP phones from various vendors have been found to contain vulnerabilities that can either lead to a crash or a complete control over the vulnerable server/device. By gaining a control over the VoIP server and phones, an attacker could carry out VoIP phishing scams, eavesdropping, toll fraud or denial-of-service attacks.
Since many VoIP servers especially the ones at VoIP service providers are an interface between SS7 (traditional phone signaling) and IP networks, an attacker capable of compromising a vulnerable VoIP server could even potentially manipulate the SS7 signaling interconnection to disrupt services on the Public Switched Telephone Network (PSTN).
See more comments and report at VoIPsa blog.
Hi, I was looking around for a while searching for internet security issue and I happened upon this site and your post regarding SANS Top 20 Internet Security Attack Target List for 2006 includes VoIP for the first time, I will definitely this to my internet security issue bookmarks!
Hello, I was looking around for a while searching for internet security problems and I happened upon this site and your post regarding SANS Top 20 Internet Security Attack Target List for 2006 includes VoIP for the first time, I will definitely this to my internet security problems bookmarks!