Business continuity adverts
Monthly newsletter Weekly news roundup Breaking news notification    
VOIP code risk warning

Get free weekly news by e-mailFortify Software, the application vulnerability specialist, has warned companies using VOIP private branch exchange (PBX) software to be aware that the complex program code involved with Internet telephony can make such systems vulnerable to hacker attacks.

Fortify's warning comes after the FBI has announced that users of the Asterisk VOIP PBX software should upgrade to the latest edition of the package to avoid a security flaw that allows hackers to dial-through access on their telephone systems.

"The problem facing small business users of VOIP PBX systems is that although the PBX is hooked up to the regular telephone network and a company's broadband Internet connection, most firms' IT security resources do not extend their complete protective envelope around the PBX platform," said Rob Rachwald, Fortify's director of product marketing.

"This means that users of VOIP PBX systems who think their telephone system is covered by, for example, a firewall application, can wake up with a nasty surprise on the phone bill front, after their PBX system has been compromised," he added.

According to Rachwald, many VOIP applications are either open source, freeware or shareware, meaning they have not usually undergone code auditing and program vulnerability analysis.

That's not to say that such software is not capable of performing the required function. Far from it, says Rachwald, but firms need to be aware of the risks involved.

A growing number of open source applications, such as Asterisk, says Rachwald, are also being hardened and installed on more secure appliances, rather than vanilla PCs.

"In Asterisk's case, for example, a number of vendors have installed the PBX software on a specialist diskless server that not only increases security levels, but also boosts reliability and call quality. This is clearly a step forward, and may be an option for any company worried about their VOIP PBX security," he said.

http://www.fortify.com

•Date:12th Dec 2008• Region: World •Type: Article •Topic: Warnings
Rate this article or make a comment - click here

BC Journal

SPONSOR: Business Continuity from Backup Technology




Copyright 2010 Portal Publishing LtdPrivacy policyContact usSite mapNavigation help