Posted by admincloseAuthor: admin Name: David Schultz
Email: dschultz@seachange.com
Site: http://www.interwork.com
About: See Authors Posts (5) @ Fri, 05 Mar 2010 11:55:31 -0500

This week at RSA in San Francisco, WatchGuard announced the launch of two new multifunction firewall solutions to add to their product lineup: the XTM 5 Series and XTM 2 Series.

XTM 5 Series
Ideal for Mid-Tier Enterprises, WatchGuard XTM 5 Series Multifunction Firewall Appliances redefines network, application and data security.
Read the press release.

XTM 2 Series
Ideal for SMB and branch offices, the new WatchGuard XTM 2 Series Family of Multifunction Firewalls provide strong security, advanced networking in an easy to use Appliance.
Read the press release.

Posted by sarahkcloseAuthor: sarahk Name: Sarah Kane
Email: sarahk@interwork.com
Site: http://www.interwork.com
About: See Authors Posts (38) @ Thu, 21 May 2009 12:07:34 -0400

IT Security specialist blogger, Mike Muller, reviews Trend Micro’s Worry Free Business Security 6.0 after deploying and testing in his own business environment…. and he gives a high recommendation!

Read his article for more detail!

Posted by sarahkcloseAuthor: sarahk Name: Sarah Kane
Email: sarahk@interwork.com
Site: http://www.interwork.com
About: See Authors Posts (38) @ Fri, 20 Mar 2009 11:43:49 -0400

Welcome to InChannel for March 2009

Please take  a look at our new layout. You  may notice variations of this layout over the coming months until we find the just the right form and feel but the information is always guaranteed to be insightful and valuable.

Thanks for reading!
-Interwork Team

Posted by sarahkcloseAuthor: sarahk Name: Sarah Kane
Email: sarahk@interwork.com
Site: http://www.interwork.com
About: See Authors Posts (38) @ Thu, 19 Mar 2009 11:40:27 -0400

by Peter Cox Founder and CEO of UM Labs Ltd.

The last couple of weeks have seen two significant VoIP vulnerability reports. The first, with the alarming name INVITE of Death, reported a vulnerability in an open source security product where a single malformed call request (or INVITE) can trigger a service failure (see http://ims-bisf.nexginrc.org/OpenSBC-vul.html). The tested product uses a popular SIP stack and so the same problem may appear in other products.
The second vulnerability, with the comparatively mundane name of SIP Digest authentication relay attack, is technically much more complex. The vulnerability was originally discovered by INRIA, a French National Research Institute and has now been documented in an Internet Draft.
The attack relies on making a call to a target device and then sending  a carefully designed sequence of valid messages which trick the target device into authenticating a second call made by the attacker. An attacker could use this technique to make calls via a commercial service provider at the victim’s expense. This is yet another example of a toll-fraud attack, a topic that I have discussed before.
 
Far from spelling doom for VoIP, the Invite of Death attack simply demonstrates that VoIP is affected by exactly the same types of vulnerabilities as any other IP application. In this case a simple implementation error leaves the application open to a remote Denial of Service attack. This vulnerability has already been fixed by the product developers.
The relay attack is more of a concern. The attack is made possible by protocol design features. This means that careful planning and implementation and well designed security controls are needed to protect against the threat.
Both of these vulnerabilities underline an important point. VoIP applications are open to application level security threats which can disrupt the service or allow an attacker to gain privileged access to the system.
Application level threats require application level security controls. So if you are relying on a generic firewall to protect your voice system, the chances are that it will not block or even detect these threats.

Search

Recent Posts

• WatchGuard unveils new high performing solutions at RSA
• So much security! Now even more!
• Introducing a special promotion to enable SIP trunking with a ShoreTel PBX. Save up to $2,000 over other popular solutions
• From Chaos to Control: Best Practices in Standardizing Terminal Emulation
• Register today: Learn about Survey, a solution that guarantees ROI

Categories

• Asset Management
• Authentication
• Call Recording
• Collaboration
• Connectivity
• Data Loss Prevention
• Data Security
• Desktop Management
• Email
• End Point
• Firewall
• Instant Messaging
• Integration
• Internet Content
• IP PBX
• IP Phones
• my.interwork.com
• Network Management
• PoE Switches
• Reporting
• Switches & Gateways
• Systems Management
• Terminal Emulation
• Uncategorized
• Unified Messaging
• UTM
• Voice Over IP
• VoIP
• Web Analytics

Archives

• March 2010
• February 2010
• January 2010
• December 2009
• November 2009
• October 2009
• September 2009
• August 2009
• July 2009
• June 2009
• May 2009
• April 2009
• March 2009
• February 2009
• December 2008
• November 2008
• September 2008

Interwork Recommends

• Fonality CEO/Janitor’s Blog
• Trend Micro Malware Blog