Internet Security Systems Discovers Critical Flaws in VoIP Infrastructure; Company Provides Protection for Customers Against VoIP Vulnerabilities.ATLANTA -- Internet Security ''This article or section is being rewritten at Internet security is the process of protecting data and privacy of devices connected to internet from information robbery, hacking, malware infection and unwanted software. Systems (ISS ISS See Institutional Shareholder Services (ISS). ) (NASDAQ NASDAQ in full National Association of Securities Dealers Automated Quotations U.S. market for over-the-counter securities. Established in 1971 by the National Association of Securities Dealers (NASD), NASDAQ is an automated quotation system that reports on : ISSX ISSX Internet Security Systems Inc. (stock abbreviation, AMEX) ) today announced it has provided protection for flaws the company discovered in VoIP technology offered by Cisco, one of the top players in the space. VoIP is a fast-growing, easy-to-use technology that allows users to make cost-effective phone calls over the Internet, instead of transmitting calls over traditional telephone lines. According to according to prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. Gartner, by 2007, 97 percent of new phone systems installed in North America North America, third largest continent (1990 est. pop. 365,000,000), c.9,400,000 sq mi (24,346,000 sq km), the northern of the two continents of the Western Hemisphere. will be VoIP-based or hybrid. Despite the ease-of-use of VoIP, the technology behind it is a complex set of protocols, applications and appliances that require careful security attention. ISS warns that security concerns surrounding VoIP will continue to rise as the technology gains in popularity. "Voice over Internet Protocol See Internet and TCP/IP. (networking) Internet Protocol - (IP) The network layer for the TCP/IP protocol suite widely used on Ethernet networks, defined in STD 5, RFC 791. IP is a connectionless, best-effort packet switching protocol. is increasingly being adopted by corporations that wish to save money on telecommunications costs and streamline their communication infrastructure, providing employees with advanced features while simplifying administration processes," said Chris Rouland, chief technology officer at Internet Security Systems. "Like many of the applications that are driving today's businesses, VoIP travels over a variety of networks and the public Internet and is therefore susceptible to the same security perils as other staple network components like e-mail, databases and servers." The most recent VoIP security flaws discovered by ISS' X-Force(R) team lie in Cisco's Call Manager, an essential component to the functioning of any Cisco VoIP deployment, performing tasks such as call signalling and call routing. By exploiting these vulnerabilities, an attacker is able to trigger a heap overflow A heap overflow is another type of buffer overflow that occurs in the heap data area. Memory on the heap is dynamically allocated by the application at run-time and typically contains program data. within a critical Call Manager process, causing both a denial of service A condition in which a system can no longer respond to normal requests. See denial of service attack. condition and enabling an attacker to completely compromise the Call Manager server. This could allow the attacker to redirect calls or eavesdrop eaves·drop intr.v. eaves·dropped, eaves·drop·ping, eaves·drops To listen secretly to the private conversation of others. , as well as gain unauthorized access to networks and machines running Cisco VoIP products. Compromise of VoIP networks and machines may lead to exposure of confidential information, loss of productivity and further network compromise. The full ISS X-Force advisory on these flaws can be found at: http://xforce.iss.net/xforce/alerts/id/200. Available Protection: ISS has provided customers with protection for these vulnerabilities. Other organizations should review the following bulletin from Cisco for details on protection: http://www.cisco.com/warp/public/707/cisco-sa-20050712-ccm.shtml. ISS has also recently published a report that offers insight into how VoIP security can be compromised and tips on how organizations can protect their VoIP installations. The full report can be found at: http://xforce.iss.net/xforce/threat_insight_quarterly/index.php. For more information on Internet Security Systems(TM) preemptive pre·emp·tive or pre-emp·tive adj. 1. Of, relating to, or characteristic of preemption. 2. Having or granted by the right of preemption. 3. a. protection offerings, please visit: http://www.iss.net/proof/preemptiveprotection/. About Internet Security Systems, Inc. Internet Security Systems, Inc. (ISS) is the trusted expert to global enterprises and world governments, providing products and services that protect against Internet threats. An established world leader in security since 1994, ISS delivers proven cost efficiencies and reduces regulatory and business risk across the enterprise. ISS products and services are based on the proactive security intelligence conducted by ISS' X-Force(R) research and development team - the unequivocal world authority in vulnerability and threat research. Headquartered in Atlanta, Internet Security Systems has additional operations throughout the Americas, Asia, Australia, Europe and the Middle East. For more information, visit the Internet Security Systems Web site at www.iss.net or call 800-776-2362. Internet Security Systems is a trademark and X-Force is a registered trademark of Internet Security Systems, Inc. All other companies and products mentioned are trademarks and property of their respective owners. |
|
||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion