VoIPshield Security Suite Debuts
VoIPshield Systems announced the VoIPshield Security Suite, a comprehensive set of VoIP security applications purpose-built to protect VoIP networks. The products ship in appliance or software form, and are designed for use by enterprises, VoIP service providers, security integrators and consultants.
VoIP networks and devices are vulnerable to unique security threats and exploits, because of the real-time nature of the traffic. In addition, many new protocols and products make up the VoIP infrastructure, which traditional security products and approaches are not designed to protect.
The VoIPshield Security Suite includes: VoIPaudit - VoIP vulnerability assessment and penetration testing tool;
VoIPguard - VoIP Intrusion Prevention System;
VoIPscreen - VoIP Network Access Control system;
VoIPblock - Anti-SPIT (Spam over IP Telephony) system; and
VoIPportal - VoIPshield Application Portal and Management Console
Each application draws on VoIPshield's proprietary database of VoIP-specific vulnerabilities and exploits, developed by VoIPshield Labs. The database is a collection of previously undiscovered exploits and zero-day attacks on popular VoIP PBXs and phones, and is unique in the industry.
The first entry in the suite, VoIPaudit 2.0, which has been in customer trials since last year, is now generally available. VoIPaudit scans an enterprise VoIP network, identifying where devices are vulnerable to attacks such as denial-of-service attacks, call eavesdropping, registration hijacking, toll fraud, and vishing (voice phishing). For each found vulnerability, VoIPaudit identifies procedures to remediate the security threat. VoIPaudit's customers receive continual updates to the vulnerabilities database through VoIPaudit's ActiveUpdate function, included in all VoIPshield's security products. VoIPaudit supports products from the leading VoIP PBX and phone vendors, as well as all products using the Session Initiation Protocol (SIP).
The remaining products in the VoIP Security Suite will enter beta testing this summer. The next product scheduled to be released is VoIPguard, the Voice Intrusion Prevention System.
" Attacks on VoIP systems fall into one or more of five categories: Confidentiality (Privacy), which includes call eavesdropping, call recording and voicemail tampering;
Availability, which includes denial of service attacks, buffer overflow attacks, and malware;
Authenticity, which includes registration hijacking, caller ID spoofing, and sound insertion;
Theft, which includes toll fraud (service theft) and data theft through masquerading data as voice and data network crossover attacks; and
Voice Spam, known as SPIT, which includes unsolicited calling, voice mailbox stuffing, and vishing (voice phishing).
"Some of the attacks are pretty sophisticated, and companies don't like to publicize it when it happens to them, but it does," said Rick Dalmazzi, president and CEO of VoIPshield Systems. "It happens from outside and inside the organization. Extortion and blackmail, organized crime, industrial espionage, it's all there. SIP is a very open protocol. The IP PBX systems are first-generation implementations. Everything is very vulnerable right now. And hacking is no longer for fun, it's for profit. People trust phone systems, and the bad guys use that to their advantage."
VoIPshield has also formed a new professional services group designed to guide enterprises in their VoIP security efforts, and assist security integrators and consultants in building their VoIP security practices. The company is also announcing the "VoIP Security QuickStart" program, which bundles the VoIPaudit VoIP Vulnerability Assessment product with custom professional services at an attractive price.