The switch from a traditional communications infrastructure to one that rides the IP highway has made it easier for hackers and other nogoodniks to squeak in through security cracks to steal data, swipe financial information and eavesdrop on VoIP and video streams. It's as if the world has stepped into a William Gibson novel ... without all the cool implants. And the threat is very real. With vital corporate information at stake, companies can’t afford to risk insecure environments. And yet the benefits of unified communications—a unified inbox integrated with presence, voice and other features—provide an undeniable boost to productivity at a time when companies are looking to increase productivity without hurting their bottom line with more expenses. So what’s a company to do? Forgo the benefits in favor of security? Or risk a breach and data loss or worse in order to gain the benefits of unified communications? The first step is to know what to watch for. Two UC specialists recently offered details of some of the biggest threats to unified communications platforms today.
of
Same threats, different day
Unified communications is a set of multi-faceted technologies that have been integrated to interoperate with one another, and so there are a lot of different security concerns relative to the type of technology and how it connects with all of the other technologies, said Jonathan Edwards, analyst for unified communications and enterprise communications infrastructure at IDC. However, moving to an IP world means there are real-time security threats that didn't exist before.
Social software
A lot of applications in the unified communications space have social software elements, and a big concern is what users are doing in social media that businesses can't secure. They don't want lock social media down, but at the same time, businesses can't let the inmates run the asylum, Edwards said. Apps like FaceTime harden and secure social networking sites.
Regulatory compliance
Businesses are less worried about malware when it comes to their unified communications technologies and more concerned about ensuring they adhere to compliance regulations. Because UC apps access the public Internet, there are concerns about letting sensitive data leak out.
Consumer devices in the enterprise
Although IT has to give workers' consumer devices access to the corporate infrastructure, there are more and more consumer devices in the workplace that are connecting to corporate data. New devices show up every day, and somehow IT has to manage and secure all of them that connect to unified communications.
Code vulnerabilities
As like any other type of application, unified communications applications have code vulnerabilities that hackers can exploit. Hackers are using those exploits for monetary gain.
Attacks come from everywhere
"The attacks have been anywhere from the traditional security attacks like denial-of-service attacks to SIP scan attacks," said Amitava Mukherjee, president and CEO of RedShift Networks.
Scan attacks
Port scan attacks continue to be a big problem. Hackers use them to probe for vulnerabilities in unified communications deployments that they can later exploit for their own gain.
SPIT attacks
Spam attacks over IP telephony (SPIT attacks) and robo-calling have become much easier to do in the IP-enabled voice world, Mukherjee said. SPIT attacks are where every phone in the company starts ringing, and when someone picks up the line, it's an advertisement. Such spam attacks are becoming increasingly common.
Eavesdropping
Another type of attack that has become easier in the IP-enabled world is eavesdropping, whether it's listening in on voice streams or capturing video streams, Mukherjee said. Hackers use sniffers to collect the packets from the communications streams to listen in on conversations. "That's rampant right now," he said.
Conversation alteration
Connected to eavesdropping attacks, conversation alteration is starting to take place, where hackers are able to access voice packets and change what people are actually saying. "Those are tremendous attacks that are actually happening today," Mukherjee said.
Toll fraud
Hackers break into major carrier or VoIP provider services to make free phone calls on the IP network. However, it's not only hackers doing this, Mukherjee said. Individuals or businesses trying to get around paying for their services are also engaging in the practice, which is costing service providers millions of dollars per year.
34,000 threats in the wild
RedShift Networks has identified more than 34,000 threats to unified communications in the wild.
Awareness is lacking
"What's interesting is these attacks are happening and a lot of these companies aren't aware of it because a lot of the devices out there don't detect these kinds of attacks," Mukherjee said.
Intel Technology Provider Program
Intel Technology Provider Program (ITP) helps resellers better understand Intel products which power the technology they sell, and enables value-add services such as remote manageability or anti-theft tracking. Learn More
WindowsForDevices.com
WindowsForDevices.com is the comprehensive news site covering Windows embedded technologies. Visitors get news, technical white papers, opinion columns and extensive directories covering the products and companies in the marketplace. Click Here
10 Key Ingredients That Have Made Apple So Successful
10 Reasons RIM`s New CEO Won`t Fix the Company
Eight IT Jobs Skills That Win Six-Figure Salaries
Social Media Best Practices to Land that Dream Job
Channel Executives On The Move: 2012
Why SOPA Is Such A Big Issue
See All Slideshows
