|
Web of Worry
Himanshu Dwivedi and Zane Lackey of security firm iSEC Partners warn that VoIP protocols such as IAX and H.323 remain open to easy exploits. The latter, they say, is particularly vulnerable to attack but that most users assume it's secure because there has been little evidence to the contrary.
Dwivedi says it's important to shed light on the threat because VoIP use has exploded in the last three years without much consideration of the security risks. Lackey agrees, saying, "While companies are in the same mindset with VoIP as they were a couple years ago, there are more and more tools out there that can be used to both attack and defend it."
While the security implications of virtualization are cloudier, Core's Arce is convinced of a gathering threat there.
"I see big imp...
To continue reading for free, register below or login
To read more you must become a member of SearchSecurity.com
lications for virtualization, though the impact isn't yet clear," Arce says. "Flaws in the technology could be used to disrupt virtual environments, and if you run a bunch of virtual machines on a server and that server is compromised, there could be a lot of damage. The flip side of using virtualization to reduce your number of servers is that you can do more damage by hitting fewer servers."
Some of the dangers associated with the technology surfaced earlier this year, when virtualization giant VMware was forced to fix 20 security holes. The flaws plagued all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE and VMware Player. The company quietly acquired host intrusion prevention vendor Determina to help bolster its defenses from within, but has offered little by way of a clear security vision.
|
 |
|
