Monday, March 3, 2008

The Downside to Dynamic Return on Security Investment

The Security Management Stage 2 session on Integrating and Specifying Security Technology addresses many key issues concerning new security technology, including how to create dynamic return on security investment – the ability of a new security system to provide enterprise-wide value-added benefits.

One example of dynamic return on security investment is a new enterprise-wide IP CCTV project that is integrated with voice over Internet Protocol (VoIP) telephony. In some cases, organisations with particularly heavy telephony usage are able to recover the costs of the CCTV installation in just one year from savings in traditional landline call charges.

But there is a downside to VoIP, as identified recently in Communications News, which predicts no fewer than five VoIP-associated threats:

1. Denial-of-service (DoS) and distributed DoS attacks on VoIP networks will become an increasingly important issue.

2. HTTP or other third-party data services running on VoIP end-points will be exploited for eavesdropping and other attacks.

3. The hacking community, experienced with exploiting the vulnerabilities in other Microsoft offerings, will turn its attention and tools toward Microsoft OCS.

4. Hackers will set up more IP PBXs for vishing/phishing exploits. Vishing bank accounts will accelerate, due to ease of exploit and the appeal of easy money.

5. VoIP attacks against service providers will escalate, using readily available, anonymous $20 SIM cards. Service providers are, for the first time, allowing subscribers to have direct access to mobile core networks over IP, making the spoofing of identities and use of illegal accounts to launch attacks easier.