VOIP Services Susceptible to Major Attacks Through SIP, New Report Finds

SIP is subject to the same types of attacks as email, but a successful attack could disable an enterprise's voice network, says Light Reading's VOIP Services Insider

PRNewswire
NEW YORK
(NASDAQ:CHKP)
Nov 15, 2007

NEW YORK, Nov. 15 /PRNewswire/ -- The flexibility and openness of Session Initiation Protocol (SIP) have made it a key building block for voice-over-IP (VOIP) services, but SIP also makes carrier and enterprise VOIP networks vulnerable to crippling attacks that could bring services down for days, according to the latest report published by Light Reading's VOIP Services Insider (http://www.lightreading.com/entvoip), a subscription research service from CMP's Light Reading (http://www.lightreading.com/).

SIP & VOIP: The Coming Security Crisis explores the vulnerabilities of VOIP networks to outside attacks and surveys available SIP security solutions, examining likely geographic expansion and providing an in-depth evaluation of the technology relative to its competition. It examines factors that vendors should address to promote growth, including technological and marketing issues. Additionally, it offers a detailed case study and provides a comparative analysis of some of the top companies in the SIP security arena.

Companies analyzed in this report include: BorderWare Technologies Inc.; Check Point Software Technologies Ltd. (NASDAQ: CHKP); Covergence Inc.; Ditech Networks Inc. (NASDAQ: DITC); Edgewater Networks Inc.; Ingate Systems AB; Intertex Data AB; Juniper Networks Inc. (NASDAQ: JNPR); Newport Networks Ltd. (LSE: NNC); Radware Ltd. (NASDAQ: RDWR); and SonicWall Inc. (NASDAQ: SNWL).

Other companies mentioned in this report include: 3Com Corporation (NASDAQ: COMS); Acme Packet Inc. (NASDAQ: APKT); Cisco Systems Inc. (CSCO); McAfee Inc. (NYSE: MFE); Net2Phone Inc.; and NexTone Communications Inc.

SIP is subject to the same types of attacks -- including viruses and denial-of-service (DOS) attacks -- that affect email communications, but a successful attack through SIP is likely to have a larger impact on the affected network, notes Denise Culver, research analyst with Light Reading's VOIP Services Insider and author of the report. "SIP enables voice traffic to traverse VPNs, potentially carrying with it all of the things a hacker might want to attach to such a message," she says. "While those in the email security world have had more than a decade to contend with these issues, SIP security vendors are trying not only to address the issue of securing SIP messages but also to ensure that SIP can successfully traverse a firewall at all."

A big part of the problem with SIP is that vendors have rushed products into the market that don't make use of all the security measures recommended in the protocol standard, Culver adds. The standard's flexibility is also an issue in making networks vulnerable to security breaches, she says: "Until vendors reach a point at which interoperability is not just a requirement but actually something they recognize in terms of the security it provides across SIP itself, the protocol will remain inherently flawed."

Other key findings of SIP & VOIP: The Coming Security Crisis include the following:

  -- Although SIP is widely considered the standard protocol for VOIP
     services, it doesn't traverse firewalls, creating problems for users
     and security vendors.
  -- Attention placed on eavesdropping at the SIP phone level isn't driving
     users to encrypt SIP, even though eavesdropping presents a viable
     threat.
  -- While the cost of securing SIP networks is widely debated, everyone
     agrees that much more will be spent over the next 12-18 months to keep
     networks secure.

SIP & VOIP: The Coming Security Crisis provides critical data and analysis for a range of industry participants, including:

  -- Suppliers of SIP security products needing independent market analysis
     of the SIP security sector
  -- VOIP network operators and enterprise network planners evaluating
     deployment of SIP security products and the risks posed by potential
     security breaches to their networks
  -- Investors needing a better understanding of the scale of the
     opportunity that SIP security presents, and which types of companies
     are best positioned in the sector

SIP & VOIP: The Coming Security Crisis, a 12-page report in PDF format, is available as part of an annual subscription (six issues) to Light Reading's VOIP Services Insider, priced at $1,295. Individual reports are available for $900.

To subscribe, or for more information, please visit: http://www.lightreading.com/entvoip. For more information about other Light Reading Insider research services, please visit: http://www.lightreading.com/research.

To request a free executive summary of the report, or for details of multi-user licensing options, please contact:

Jeff Claudino
Director of Sales
Insider Research Services
619-229-9940
claudino@lightreading.com

Press/analyst contact:
Dennis Mendyk
Managing Director
Insider Research Services
201-587-2154
mendyk@heavyreading.com

About Light Reading

Founded in 2000, Light Reading (http://www.lightreading.com/) is the ultimate source for technology and financial analysis of the communications industry, leading the media sector in terms of traffic, content, and reputation. It reaches an extensive audience of executives and technologists within the telecom and enterprise networking communities, as well as the financial/industry analysts and investors who track these sectors. Light Reading was acquired by United Business Media in August 2005, and operates as a unit of CMP Technology.

About CMP

CMP (http://www.cmp.com/) is a media and marketing solutions company serving the technology industry. With the leading online, event, and print brands in all technology market categories, and with services and tools that reach beyond traditional advertising, CMP shapes and influences the technology industry worldwide. CMP publishes highly respected media brands such as TechWeb, InformationWeek, ChannelWeb, CRN, EE Times, and TechOnline; produces major industry events such as Interop, Web 2.0 Expo, XChange, Game Developer Conference, and the Embedded Systems Conferences; and provides business information and marketing services such as the International Customer Management Institute, Semiconductor Insights, and Second Life consulting for technology marketers. CMP is a subsidiary of United Business Media (http://www.unitedbusinessmedia.com/), a global provider of news distribution and specialist information services with a market capitalization of more than $3 billion. For more CMP news, go to cmp.com/news.

SOURCE: Light Reading

CONTACT: Jeff Claudino, Director of Sales, Insider Research Services,
Light Reading, +1-619-229-9940, claudino@lightreading.com; Press-Analysts:
Dennis Mendyk, Managing Director, Insider Research Services, +1-201-587-2154,
mendyk@heavyreading.com, for Light Reading

Web site: http://www.lightreading.com/
http://www.lightreading.com/research
http://www.cmp.com/
http://www.unitedbusinessmedia.com/