Posted by sarahk closeAuthor: sarahk
Name: Sarah Kane
Email: sarahk@interwork.com
Site: http://www.interwork.com
About: See Authors Posts (49) @ Fri, 20 Mar 2009 11:43:49 -0400
Welcome to InChannel for March 2009
Please take a look at our new layout. You may notice variations of this layout over the coming months until we find the just the right form and feel but the information is always guaranteed to be insightful and valuable.
Thanks for reading!
-Interwork Team
Posted in Asset Management, Authentication, Call Recording, Collaboration, Connectivity, Data Loss Prevention, Data Security, Desktop Management, Email, End Point, Firewall, IP PBX, IP Phones, Instant Messaging, Integration, Internet Content, PoE Switches, Reporting, Switches & Gateways, Systems Management, Terminal Emulation, Unified Messaging, VoIP, Voice Over IP, Web Analytics
Posted by sarahkcloseAuthor: sarahk
Name: Sarah Kane
Email: sarahk@interwork.com
Site: http://www.interwork.com
About: See Authors Posts (49) @ Thu, 19 Mar 2009 11:40:27 -0400
by Peter Cox Founder and CEO of UM Labs Ltd.
The last couple of weeks have seen two significant VoIP vulnerability reports. The first, with the alarming name INVITE of Death, reported a vulnerability in an open source security product where a single malformed call request (or INVITE) can trigger a service failure (see http://ims-bisf.nexginrc.org/OpenSBC-vul.html). The tested product uses a popular SIP stack and so the same problem may appear in other products.
The second vulnerability, with the comparatively mundane name of SIP Digest authentication relay attack, is technically much more complex. The vulnerability was originally discovered by INRIA, a French National Research Institute and has now been documented in an Internet Draft.
The attack relies on making a call to a target device and then sending a carefully designed sequence of valid messages which trick the target device into authenticating a second call made by the attacker. An attacker could use this technique to make calls via a commercial service provider at the victim’s expense. This is yet another example of a toll-fraud attack, a topic that I have discussed before.
Far from spelling doom for VoIP, the Invite of Death attack simply demonstrates that VoIP is affected by exactly the same types of vulnerabilities as any other IP application. In this case a simple implementation error leaves the application open to a remote Denial of Service attack. This vulnerability has already been fixed by the product developers.
The relay attack is more of a concern. The attack is made possible by protocol design features. This means that careful planning and implementation and well designed security controls are needed to protect against the threat.
Both of these vulnerabilities underline an important point. VoIP applications are open to application level security threats which can disrupt the service or allow an attacker to gain privileged access to the system.
Application level threats require application level security controls. So if you are relying on a generic firewall to protect your voice system, the chances are that it will not block or even detect these threats.
Posted in Call Recording, Firewall, IP PBX, IP Phones, PoE Switches, Switches & Gateways, Unified Messaging, VoIP, Voice Over IP
Posted by sarahkcloseAuthor: sarahk
Name: Sarah Kane
Email: sarahk@interwork.com
Site: http://www.interwork.com
About: See Authors Posts (49) @ Fri, 06 Feb 2009 10:19:35 -0500
Welcome to InChannel: find out about new products, upcoming events and great promotions!
Sponsored by: Trend Micro featuring SMART PROTECTION NETWORK
In this edition:
- 5 ways to attract new customers and sell more to existing customers
- Bandwidth and identity-bases management available with SMB UTM appliance from Cyberoam
- Interwork founding sponsor of CompTIA Security Trustmark Accreditation
- Trend Micro Smart Protection Network QLM
5 WAYS TO ATTRACT NEW CUSTOMERS AND SELL MORE TO EXISTING CLIENTS
In March, Interwork and select vendor partners will be participating in an “online seminar series” discussing product updates and unique opportunities for solution providers to grow their business in 2009. Presentations are business-focused and not technical, covering proven, ready-to-use messaging for your sales team. Topics include: Why Leading with Data Loss Prevention Wins More Business, Sell More Encryption To Existing Customers, Increase Revenue By Using a Multi-Layered Security Approach, How to Build A Successful Voice Practice.
To learn more or register for one of our online seminars, please click here
BANDWIDTH AND IDENTITY-BASED MANAGEMENT AVAILABLE WITH SMB UTM APPLIANCE FROM CYBEROAM
 Interwork is currently recruiting new partners for Cyberoam, a unique UTM appliance for small and medium businesses. Interwork selected to partner with Cyberoam because of its truly original features, high margins and 100% channel-friendly partner program. Receiving 5 Stars from SC Magazine for 3 years in a row, Cyberoam offers bandwidth management, load-balancing and identity-based (NAC) control at extremely competitive prices.
Check out Cyberoam’s recruitment promotions
INTERWORK FOUNDING SPONSOR OF COMPTIA SECURITY TRUSTMARK ACCREDITATION
The CompTIA Security Trustmark, a vendor-neutral business-level accreditation, identifies solution providers that follow security best practices. The main objective of the accreditation is to create and continually update the baseline standards of security practices around service and support competencies for solution providers. This accreditation is an excellent opportunity to demonstrate the value of your security knowledge and best practices, further setting your company apart from competitors.
For more information, please contact your Interwork Business Development Manager or visit their website.
Register for the webinar on Feb 25 at 2 pm EST here
Trend Micro featuring SMART PROTECTION NETWORK
The Trend Micro Smart Protection Network is a next generation cloud-client content security infrastructure designed to protect customers from Web threats. By combining internet-based-or “in-the-cloud”-technologies with smaller, lighter-weight clients, you will have immediate access to the latest protection wherever and however you connect. It’s security made smarter.
NEW QLM for Trend Micro Partners - Trend Micro is pleased to announce the availability of the Smart Protection Network sales training Quick Learning Module. Learn more about The Smart Protection Network, challenges in today’s threat landscape, key components of the Smart Protection Network, how it work and a competitive overview by reviewing the Quick Learning Module.
Learn more about Smart Protection
Sincerely,
The Team at Interwork Technologies
More than just a part and a price.
Posted in Asset Management, Authentication, Call Recording, Data Loss Prevention, Data Security, Desktop Management, IP PBX, IP Phones, PoE Switches, Reporting, Switches & Gateways, Unified Messaging, VoIP, Web Analytics
« Previous Page
|
