Joel Maloff Phone. com jmaloff@phone. com February, 2012
Setting the Stage for Security SIP is a protocol incorporated into various service offerings. Unified Communications is a concept that incorporates various communications functions into a single approach. Ensuring the security of our communications, especially given the proliferation of the cloud, is more important than ever!
Security is STILL an Issue – Even for the Big Guys! ESG (Enterprise Strategy Group) Research surveyed large enterprises (2011) and found the following: • 20% are certain that they have been the target of an Advanced Persistent Threat (APT); 39% believe that they have likely been targeted. • Unfortunately, many of these felt inadequately prepared to respond!
Security is STILL an Issue – Even for the Big Guys! • 32% - lack of security forensic skills • 29% - lack of technical skills in incident response team • 26% - inadequate ability to gather relevant information • 26% - lack of executive management buy-in to incident response policies and procedures • 25% - lack of integration between the incident response and legal team • 23% - lack of a formal external communication plan • 23% - lack of a formal internal communication plan If companies of 1000+ employees have these issues, where does that leave the smaller organizations? • Source: http: //www. networkworld. com/community/blog/2012 -year-incident-response
Some of the Challenges Unified Communications is more than just voice. • Document exchange • Archival and auditing for compliance with regulatory and legal statutes • Platform-specific attacks
Some of the Challenges • Eavesdropping on Vo. IP, IM • Hacking IP or soft phones to remotely activate them as an eavesdropping attack vector • Toll Fraud • Denial of Service Attacks
Addressing the Challenges SIP and UC are part of the business information infrastructure. • They must be incorporated into the existing information systems security policies and procedures. • Documented policies and procedures with regular review are essential for minimizing the impact of security vulnerabilities. • Vendors and service providers can help, but they are not responsible for your security plan – you are!
Addressing the Challenges IP phones are NOT phones as in the past – they are networkenabled computers and must be treated as such! Firewalls, SBCs, ACLs, VLANs, authentication, encryption, and IDS/IPS are all tools that are to be deployed as part of a coherent PLAN – they are not themselves strategies or policies! Security requires perpetual vigilance • Penetration testing is invaluable.
Let’s hear from our panel!
Скачать презентацию Joel Maloff Phone com jmaloff phone com February 2012
1f5dd0f75b75723a28b93e9291163271.ppt