|
Vigilar Releases Open Source VoIP Hopper Tool
(Market Wire Via Thomson Dialog NewsEdge) ATLANTA, GA, September 10 / MARKET WIRE/ --
Vigilar, a leading provider of information
security solutions and services, today announced the availability of the
"VoIP Hopper," an automated tool that rapidly runs a VoIP network
configuration validation test to help enterprises determine the
vulnerability of their VoIP networks. The VoIP Hopper has been released as
an open source tool, and can be downloaded from
http://www.vigilar.com/services/voip_hopper.html. The convergence of voice
and data into a single network promises to reduce costs, improve quality
and simplify management. But as voice exists on the network as yet another
application, it poses new challenges to the enterprise and new potential
security risks arise. In particular, in a converged VoIP deployment, where
a single Ethernet cable provides both the phone service and the computer
connection, significant risks arise. Concerns arise around the ability to
gain privileged access through publicly accessible phones, such as those
found in lobbies, hotel rooms, and conference rooms.
Securing Voice VLANs
The new VoIP Hopper tool allows enterprise IT administrators to test their
networks for a specific vulnerability that can occur when the Voice VLAN
feature is enabled. With this feature enabled, a PC can be daisy chained to
an IP Phone and the connection for both PC and Phone to be trunked through
the same physical Ethernet cable. As a result, users can easily gain access
to the data network using a VLAN hop from the data network to the voice
(known as a VoIP hop). Once on the network, a malicious user could run
several different types of attacks against the IP Phone network, including
eavesdropping on unencrypted phone calls, or causing interruption of
service against the IP Phone network. Worse still, the user could also
access the data network, gaining access to mission critical, proprietary
data and applications, such as customer data and email or financial
applications.
The VoIP Hopper
To discover whether a network may be vulnerable to potential VoIP attacks,
Vigilar has developed an assessment method called VoIP Hopping, and an
automated assessment tool called the VoIP Hopper. Released as open source,
the new VoIP Hopper tool helps IT administrators test their networks to
determine if VoIP Hopping possible on their network. The VoIP Hopper
enables administrators to quickly and easily test the protection controls
of a Layer 2 network to see if a regular PC can mimic the behavior of an IP
phone and thereby gain access to the IP Phone network.
"The benefits of VoIP are clear, but there are great risks to implementing
a VoIP Network without proper Layer 2 network controls in place," said
Jason Ostrom, researcher for Vigilar and developer of the VoIP Hopper tool.
"As attack vectors against the VoIP networks become more common,
enterprises must begin protecting themselves against these potential risks.
We are pleased to release the VoIP Hopper tool to the community, and hope
that it will help security teams and VoIP administrators in their
evaluations of the security of their VoIP networks."
Vigilar also recommends that enterprises enable the following controls to
mitigate VoIP Hopping attacks:
-- Enable Port Security or MAC Address Filtering
-- Enable 802.1x
-- Proper firewall placement or network segmentation
For more information on the VoIP Hopper vulnerability assessment tool, or
for a VoIP security consultation, contact Vigilar at www.vigilar.com.
About Vigilar
Since its inception in 2000, Vigilar, a leading provider of information
security solutions and services, has focused solely on improving its
customers' security postures. Vigilar's security expertise is
all-encompassing and includes security architecture design, product
selection and delivery, implementation services, regulatory compliance
services, risk assessments, IT security audits, and IT and security
training. In addition, Vigilar offers the ATLAS security-as-a-service,
which provides enterprises with managed asset and license tracking,
technical support, log management, authentication management and systems
maintenance. Vigilar partners with the industry's most innovative
information security technology providers to offer fully integrated
solutions that meet risk management, network infrastructure, and compliance
needs. Vigilar has offices throughout the Southeast and Southwest United
States. For more information, visit www.vigilar.com.
Press Contact:
Zenobia Austin Godschalk
ZAG Communications
678.799.8279Email Contact
Copyright 2007 Market Wire, Incorporated
[ Back To AstriCon's Homepage ]
|
INDUSTRIES
Activate Email 
INDUSTRIES
