Greg Galitzine's VoIP Authority Blog - Security Archives tag:blog.tmcnet.com,2011-06-15:/blog/greg-galitzine//6 2009-03-06T04:19:34Z VoIP and IMS News and Views Dallas Trip Winds Down; Sipera News tag:blog.tmcnet.com,2009:/blog/greg-galitzine//6.40040 2009-03-06T04:11:52Z 2009-03-06T04:19:34Z So my week in Dallas is finally winding down. Not that it hasn't been a great week, with interesting meetings with a number of the companies who reside astride the north Dallas Telecom corridor. In the last two days I've spent... Greg Galitzine http://blog.tmcnet.com/blog/greg-galitzine/ So my week in Dallas is finally winding down. Not that it hasn't been a great week, with interesting meetings with a number of the companies who reside astride the north Dallas Telecom corridor.
 
In the last two days I've spent time in the offices of Telstrat, NEI, NEC, Fujitsu, Texas Instruments, Excel, and Apptrigger; that's in addition to the executives I interviewed from a number of companies attending the Comptel show in Grapevine this week.
 
The interviews should be online shortly, to see if they've been posted, please visit the TMCnet video library.
 
I'll be following up with posts and articles about all the companies I met with, but in the meantime I wanted to share a bit of news from Sipera that's not made the rounds of the mainstream media just yet.
 
The company has just released an IP Video sniffer called UCSniff2.0. Until now, the information has only been posted on security boards and community sites, and on the SourceForge site at http://ucsniff.sourceforge.net/
 
The UCSniff2.0 eavesdrops, captures and records video conferencing sessions and works on regular IP Telephony too. Using the tool, an IT manager can perform a man in the middle voice capture and can reconstruct the voice call, shows holes in a security policy, and enable those responsible for a site's security to fix the application.
 
The timing is good, as many industry pundits are hailing 2009-10 as the timeframe when IP video comes into its own; the solution allows an IT manager to test their environment and move quickly to address issues.
 
Sipera also told me about VideoJak, an application designed to allow an IT manager to examine any vulnerabilities with regard to system availability.
 
According to a description on the SourceForge site:
 
VideoJak is an IP Video security assessment tool that can simulate a proof of concept DoS against a targeted, user-selected video session and IP video phone. VideoJak is the first of its kind security tool that analyzes video codec standards such as H.264. VideoJak works by first capturing the RTP port used in a video conversation and analyzing the RTP packets, collecting the RTP sequence numbers and timestamp values used between the phones. Then VideoJak creates a custom video payload by changing the sequence numbers and timestamp values used in the original RTP packets between the two phones. After the user selects a targeted phone to attack in an ongoing video session, VideoJak delivers the payload over the learned RTP port against the target. This attack results in severely degraded video and audio quality.
 
I want to thank Sipera VP of Marketing Adam Boone for spending some time with me and for walking me through the new apps.
 
Watch for more exciting stuff from this Richardson-based security firm in the coming weeks.
]]> Sipera, RSA in Secure VoIP Deal tag:blog.tmcnet.com,2009:/blog/greg-galitzine//6.39880 2009-02-23T16:39:02Z 2009-02-23T16:40:13Z Sipera Systems says it's joined the RSA Secured Partner Program and RSA, The Security Division of EMC, said that it has certified interoperability between the Sipera IPCS UC security product family and the RSA SecurID two-factor authentication solution. The result is... Greg Galitzine http://blog.tmcnet.com/blog/greg-galitzine/ Sipera Systems says it's joined the RSA Secured Partner Program and RSA, The Security Division of EMC, said that it has certified interoperability between the Sipera IPCS UC security product family and the RSA SecurID two-factor authentication solution.
 
The result is a simple way for users to secure their VoIP phones without the need to use any special clients or phone configuration. All users need to do is enter the RSA SecurID one-time secure password and their PIN.
 
In an era where security and privacy compliance in industries such as healthcare, financial services and others is becoming critical, this solution helps an organization achieve its overall secure information goals.
 
Just today, TMCnet columnist Kevin Coleman published his most recent column, titled $1Trillion. In his note to me he wrote: "It's bigger than the bailout!" and when you stop to think about it, it's a scary thought.
 
The trillion that Coleman is referring to is not a US Government sponsored handout, it's the estimated dollar loss for intellectual property and data theft in 2008 for businesses globally. Coleman gets his numbers from Dennis C. Blair, the Director of National Intelligence, in his Annual Threat Assessment of the Intelligence Community for the Senate Select Committee on Intelligence. To learn more, read the entire article.
]]> Panda Warns on High School Musical Borne Viruses tag:blog.tmcnet.com,2008:/blog/greg-galitzine//6.38449 2008-11-24T17:52:12Z 2008-11-24T17:53:48Z Attention parents: In case you weren't aware, there are bad people online. Bad people who would disguise viruses, worms, and Trojans as innocent-looking files such as songs and videos related to Disney's popular movie franchise High School Musical. According to officials... Greg Galitzine http://blog.tmcnet.com/blog/greg-galitzine/ Attention parents: In case you weren't aware, there are bad people online. Bad people who would disguise viruses, worms, and Trojans as innocent-looking files such as songs and videos related to Disney's popular movie franchise High School Musical.
 
According to officials at PandaLabs, the research division of Panda Security, there's a growing rash of infected files being distributed through peer-to-peer file sharing networks such as eMule and eDonkey.
 
Luis Corrons, technical director of PandaLabs said:
 
"Cyber-crooks are exploiting the interest of the numerous fans of these films, by hiding their creations in files with names related to High School Musical. An added danger is that many of these fans are very young and as such are more likely to fall into the trap. It is therefore a good idea to give young children a basic grounding in IT security."
 
When users run these infected files their computers can be affected by malicious code such as VB.ADQ, the Agent.KGR Trojan, the adware Koolbar, and other nasty stuff.
]]> Enterprise SIP Security - Free Webinar! tag:blog.tmcnet.com,2008:/blog/greg-galitzine//6.37505 2008-09-08T21:24:57Z 2008-09-08T21:26:18Z One of the most serious subjects in all of telecom is security. It's something that is on the mind of everyone who is considering deploying next-generation SIP-based telecommunications solutions in their enterprise. And often times, there's just not enough firsthand... Greg Galitzine http://blog.tmcnet.com/blog/greg-galitzine/ One of the most serious subjects in all of telecom is security. It's something that is on the mind of everyone who is considering deploying next-generation SIP-based telecommunications solutions in their enterprise. And often times, there's just not enough firsthand information available.
 
Well an upcoming Webinar featuring speakers from two of the leading companies serving the enterprise market -- AudioCodes and Interactive Intelligence -- aims to educate attendees by teaching them the various things they need to know before deploying any SIP-based solutions.
 
Namely, attendees will learn about:
  • SIP Security challenges
  • Security misconceptions
  • Tools to counter security threats
  • Proactive monitoring; and
  • Effective solutions that are simple to deploy, tough to break
 
In this webinar, the speakers will address the challenges and the misconceptions surrounding SIP Security, and examine the tools available to counter them. This session will also explore robust solutions that not only tackle security threats, but also empower businesses to proactively protect their networks from current and future attacks. Included in this webinar, the speakers will examine the Interactive Intelligence suite of products as a communications platform case study that empowers businesses to tackle security threats while maintaining affordability and performance.
 
The webinar, entitled Do You Know Who is Listening?  The Truth of Enterprise SIP Security is set to take place on Thursday, September 11, 2008 12:00 PM ET / 9:00 AM PT.
 
In order to register, simply click here.
]]> Obama Cites Cyber Attack Threat tag:blog.tmcnet.com,2008:/blog/greg-galitzine//6.36880 2008-07-17T14:33:06Z 2008-07-17T14:41:04Z Kevin Coleman is a Certified Management Consultant and Strategic Advisor with the Technolytics Institute. He's also our newest columnist. Kevin's first column touches on a very important subject: the threat of cyber attacks. Spurred by a Barack Obama speech, in which the Democratic... Greg Galitzine http://blog.tmcnet.com/blog/greg-galitzine/ Kevin Coleman is a Certified Management Consultant and Strategic Advisor with the Technolytics Institute.
 
He's also our newest columnist.
 
Kevin's first column touches on a very important subject: the threat of cyber attacks.
 
Spurred by a Barack Obama speech, in which the Democratic candidate placed the threat of cyber attacks in the same category as nuclear and biological weapons, Coleman tackles the issue head-on and urges the powers that be to "act decisively now!"
 
As Coleman says, "The clock is ticking and there is no time for politics."
 
To read Kevin Coleman's first column in its entirety, click here.
]]>