Slashdot Mirror


Flaws Threaten VoIP Networks?

jdkane writes "CNET News reports that security flaws have been found in products that use VoIP and text messaging, including those from Microsoft and Cisco Systems. What's interesting, in Microsoft's case, is that the Internet Security and Acceleration Server product that's also affected is designed to help protect companies' networks from online attacks. Specifically, a filter used in the server that secures VoIP communications is vulnerable to the flaw."

3 of 159 comments

  1. You linked to Microsoft's patch by ObviousGuy · Score: 5, Insightful

    So it seems they've already fixed the problem.

    Should we blame lazy sysadmins for not keeping their systems patched?

    Or should we blame Microsoft?

    --
    I have been pwned because my /. password was too easy to guess.
  2. Give them a break by odeee · Score: 5, Insightful
    The same flaws affect many products - not just Microsoft. And the flaws are H.323 flaws - not necessarily ones introduced by Microsoft.

    In Cisco products - they are also vulnerable - and particularly when used as firewalls or edge devices.

    But then again it's more fun to blame MS isn't it ;-)

  3. It's not MS, it's VoIP -- expect more by Anonymous Coward · Score: 5, Insightful
    It's not (just) MS here that is having a problem. Bet on having a whole buncha security reports trickling in over the next few years with VoIP.

    1. It's an immature technology with immature implementations -- it's not shaken down yet to get all the flaws out (not just coding, but conceptual)
    2. The products and protocols (i.e. SIP (Silly Improvised Protocol)) are very ambitious and attempt to provide for making voice calls, IM, centrex features, user interaction with end point interfaces, presence, and emergency services, and cook your breakfast, too. Combined with #1 above, security flaws and problems are going to abound.
    3. Due to the ambitious, broad, and sprawling nature of the protocols and products, interoperability is going to be strained and painful, especially until a few dominant players shake out -- again expect problems due to interoperability side effects.
    4. As VoIP products and service spread, along with a plethora of devices, it is quite possible that a killer app or a brand new application shows up -- that manages to stretch the implements in unforeseen ways. (i.e. cookies with HTTP). Once consumer fads and marketing start driving the product development tooooo fast, expect more flaws until things mature.


    Taken all together, VoIP should be deployed very carefully in places where network security is important. You might even run into a case where even if your computer network is completely separate from the Internet, but you use VoIP over the internal LAN via an IP PBX, someone might hack your phone/VoIP endpoint through the encoded voice stream and gain access to your LAN. Stranger things have happened.