- +
Strategies for Dealing With IT Complexity 24/12/2007 10:30:47
Every innovation, every business process improvement, comes with an IT complexity tax that must be paid by CIOs in time, money and sweat. Here are strategies to mitigate the increasing complexity of IT as it enables new business.Every innovation, every business process improvement, comes with an IT complexity tax that must be paid by CIOs in time, money and sweat. Here are strategies to mitigate the increasing complexity of IT as it enables new business.
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Zones provide focussed content from Computerworld and leading technology partners.Newsletter Subscription
Enterprises have been warned to avoid IP telephony for staff engaged in teleworking.
While tweaking firewalls for premium VoIP traffic allows easier remote access in a telework environment, it can also create a potential security hole putting the network at risk.
Security firm Assurance.com.au director, Neil Wise, said hackers can access a network by locating the address of VoIP Web servers on Google or by scanning for commonalities in mail server protection lists.
"If users fail to change default settings, hackers can access a hole into the network by locating the VoIP Web server [on Google] and could find usernames and passwords in installation documentation from the vendor's Web site," Wise said.
"Many second-tier Australian telcos ship VoIP phones preconfigured. Installation wizards are designed to have minimal user input to make the technology attractive and to reduce support costs but this makes users vulnerable to a very real attack."
"Hackers could also use IP phones with packet-capture to record conversations, depending on the type of encryption used. For example SIP 1.0 [session initiated protocol] could be easily decoded, while SIP 2.0 is much harder."
Telsyte director, Warren Chaisatien, said hackers can leverage the vulnerability to access other Web applications such as online banking.
"While hackers could gain access to networks and steal user accounts to make phone calls, they would cause the most damage in gaining online banking details by monitoring keystrokes," Chaisatien said.
"VoIP phones are subject to these network vulnerabilities because they are an IP application. Users need to realize this and must be very careful and use the same precautions they would for online banking."
User who leave default answering messages are similarly vulnerable, according to Tipping Point director of security research, David Endler, because it allows hackers to identify the phones' make and model.
"Vendors' default voicemail answering messages are unique, so calling the system and listening to the message can tell hackers what brand IP phone system is being used and they can tailor their reconnaissance and attacks accordingly," Endler said.
"Firewall scans reveal open ports and tools can map likely protocols; however, VoIP-aware firewalls close these ports so they are only open when they need to carry calls."
Both Wise and Endler said the solution is to disable VoIP Web servers, change default usernames, passwords and voicemail greetings.
Computerworld Member Login
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
Computerworld Live Podcast #97: The Future of Enterprise Networking 25/07/2008 09:45:36
This week CW Live chats with Mark Thompson, global sales and marketing manager for HP ProCurve, on the future of the enterprise networking. Mark discusses the trends we can expect to see in the near future and how the right infrastructure can ensure your enterprise network is secure. - +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future.
F-Secure achieves excellent results in Internet security suite comparison 2008-10-10 14:37:00+10
M2M Connectivity announces the new Sierra Wireless MC8792V embedded module for 900 MHz 3G/HSPA networks 2008-10-10 08:51:00+10
Pitney Bowes MapInfo Launches New Version of AnySite 2008-10-10 05:58:00+10
IOGEAR Gears Up in Australia 2008-10-09 20:18:00+10
Internet Service Providers offer new unlimited Online Backup from F-Secure 2008-10-09 19:42:00+10
Wireless LANs: Is my enterprise at risk?
Achieve an overall understanding of the risks associated with wireless LANs. Discover their inherent properties, as well as what makes them different from wired networks. Read on to uncover a list of recently published articles on real-life breaches and incidents illustrating the need for proactive measures to mitigate wireless security risks.
