Internet Security Systems Discovers and Provides Preemptive Protection for Two Asterisk Vulnerabilities

ATLANTA -- Internet Security Systems, Inc. (ISS) (NASDAQ: ISSX), the worldwide leader in preemptive enterprise security, today announced that its X-Force(R) research and development team has discovered and provided protection for ISS customers from two vulnerabilities in the Inter-Asterisk eXchange protocol version 2 (IAX2). The vulnerabilities, if exploited, could lead to complete denial of office telephone or Internet services in environments where Asterisk private branch exchange (PBX) is in use.

Asterisk is an open source, freely available application that allows organizations to access all of the features of a typical telephony PBX, including voicemail services, call conferencing, interactive voice response, call queuing, three-way calling and caller ID services.

"Users of Voice over Internet Protocol (VoIP) systems must be mindful not only of denial-of-service vulnerabilities in their VoIP PBX implementations, such as the vulnerability discovered in Asterisk, but underlying VoIP protocol weaknesses that may leave organizations open to vishing, a new security threat which uses VoIP to steal user information, and spam over the VoIP network," said Chris Rouland, chief technology officer of Internet Security Systems. "By leveraging preemptive protection from Internet Security Systems, organizations can avoid the potential loss of productivity and the business ramifications caused by these VoIP flaws as well as the underlying operating systems vulnerabilities that VoIP platforms run on."

ISS X-Force has discovered a denial of service vulnerability in the IAX2 protocol, which is used by Asterisk PBX to exchange Voice over Internet Protocol (VoIP) and call content. The vulnerability is apparent if an attacker floods the phone service with call requests, thereby preventing the phone service from handling new telephone calls.

ISS X-Force discovered a second vulnerability that allows an attacker to leverage accounts without passwords on an Asterisk PBX network to flood another network with large amounts of traffic. The volume of traffic can saturate the victim's Internet connection and cause complete denial of Internet service to the victim.
Additionally, victims of the attack may experience reduced quality of service.

Asterisk has already released a patch to address the denial of service vulnerability. Asterisk users are urged to upgrade as soon as they can practically do so, or ensure that they do not expose IAX2 services to the public if it is not necessary. Asterisk users are strongly advised to ensure that no accounts are configured without passwords. For more details visit www.asterisk.org.

ISS has provided customers with preemptive protection for these flaws through its Proventia(R) security platform. ISS' preemptive technology is based on the research and discoveries of its X-Force research and development team. By protecting against vulnerabilities rather than known exploits, ISS' Virtual Patch(R) technology keeps organizations ahead of Internet threats until they are able to obtain, test and apply patches from affected vendors. The ISS X-Force advisory on this vulnerability can be found at: http://xforce.iss.net/xforce/alerts/id/228 and http://xforce.iss.net/xforce/alerts/id/229.

About Internet Security Systems, Inc.

Internet Security Systems, Inc. (ISS) is the trusted security advisor to thousands of the world's leading businesses and governments, providing preemptive protection for networks, desktops and servers. An established leader in security since 1994, ISS' integrated security platform automatically protects against both known and unknown threats, keeping networks up and running and shielding customers from online attacks before they impact business assets. ISS products and services are based on the proactive security intelligence of its X-Force research and development team - the unequivocal world authority in vulnerability and threat research. ISS' product line is also complemented by comprehensive Managed Security Services and Professional Security Services. For more information, visit the Internet Security Systems Web site at www.iss.net or call 800-776-2362.

Internet Security Systems is a trademark and X-Force, Proventia and Virtual Patch are registered trademarks of Internet Security Systems, Inc. All other companies and products mentioned are trademarks and property of their respective owners.