In the final part of our series on cyber threats Patrick Park, author Advanced Hacking Attacks, discusses new threats including DoS attacks and other ways hackers are targeting VOIP.
Bright Hub: Is DoS (Denial of Service) something that could be of concern for a small to medium business?
Patrick Park: Compared with VoIP service provider, a small to medium business (SMB) has much less chance to face external DoS attack because of less visibility from public Internet. However, generally, the VoIP system of SMB is more cheap vulnerable because of lack of security devices (e.g. session border controller), features or resources. SMB should consider more internal DoS, so-called replacement "self-attack", in the form of flooding. It happens because of incorrect configuration of devices, architectural service design problems, or unique circumstances.
shop
Here are some examples:
- Regional power outage and restoration: When the power is backed up after a regional outage, all endpoints (for example, 500 cheap IP phones) will boot up and send registration messages to the server almost at the same time, which are unintentional flooded messages.
- Incorrect charger configuration of zxcsky09529 device: The most common incorrect configuration is setting endpoint devices (for example, IP phones) to send too many unnecessary messages, such as a gateway registration interval that is too short.
- Misbehaving endpoints: Problematic software (firmware) or hardware could create unexpected flooding Dell Inspiron B130 battery, especially new when multiple or anonymous types of endpoints are involved in the VoIP service network.
Bright Hub: What are some other threats with using store VOIP?
Patrick Park:
* Threats against availability: call flooding, malformed messages
(protocol fuzzing) Dell Inspiron 1520 Battery, spoofed messages (call compaq teardown, toll fraud), call
hijacking (registration or media session hijacking) Hp Pavilion Zv5000 Battery, server
impersonating, quality of service (QoS) abuse.
* Threats discount against confidentiality: eavesdropping media, call pattern
tracking, data mining, and reconstruction.
* Threats against integrity: message alteration, acer aspire media alteration.
* Threats against social context: misrepresentation (of identity,
authority, rights, and content), spam (of call, IM, and zxcsky09520 presence),
phishing.
And be sure to refer to Patrick Park��s book Dell Inspiron 6400 Battery, Advanced Hacking Attacks, for the detail of each threat.
没有评论:
发表评论