RE: Converged Network Assessment - VoIP Security

From: Mark Teicher (mht3@earthlink.net)
Date: Tue Feb 07 2006 - 14:38:01 EST


What are the speaker qualifications your conference is looking for?
-----Original Message-----
>From: Ken Kousky <kkousky@ip3inc.com>
>Sent: Feb 7, 2006 9:48 AM
>To: 'Giancarlo Paolillo' <gpaolillo@earthlink.net>, 'Bob Radvanovsky' <rsradvan@unixworks.net>, joseph@cibir.net, pen-test@securityfocus.com
>Subject: RE: Converged Network Assessment - VoIP Security
>
>We recently released a call for speakers and a call for sponsors for the
>second annual VoIP Security Conference at Illinois Institute of Technology
>this May. If anyone on this list is interested in presenting or simply
>attending let me know and we'll send info
>
>regards
>
>Ken Kousky
>IP3 www.ip3security.com
>
>
>-----Original Message-----
>From: Giancarlo Paolillo [mailto:gpaolillo@earthlink.net]
>Sent: Monday, February 06, 2006 8:58 PM
>To: 'Ken Kousky'; 'Bob Radvanovsky'; joseph@cibir.net; pen-test@securityfocus.com
>Subject: RE: Converged Network Assessment
>
>Ken, all of your points are quite true..
>
>I can additionally tell you from experience that none of the major
>firewall companies will actually "certify" DPI on VoIP.
>Pin holes for both ports (5060 and 5061, UDP) are not even enough since
>some companies are changing to bypass well known ports as they may be
>getting blocked by ISPs.
>Solutions from Cisco or even Avaya's VoIP PBX solution will fail if DPI
>is turned on. For example, on a NetScreen, you have to turn on "Ignore
>Type" just to allow that traffic to get through... not really more
>effective than a simple ACL on your border router...
>
>Then you have to worry about the actual devices and application!
>We found in some cases that some of the third party MTA vendors would
>begin retransmitting SIP messages several times per second if it failed
>the 1st time... imagine what that will do to your firewalls when your
>normal traffic may be 100K sessions on a 500k session firewall.... all of a
>sudden you have a DOS scenario which is due to non-standard of
>device/protocol/error management.
>
>It gets "better" from there....
>
>Giancarlo
>-----Original Message-----
>From: Ken Kousky [mailto:kkousky@ip3inc.com]
>Sent: Monday, February 06, 2006 9:07 AM
>To: 'Bob Radvanovsky'; joseph@cibir.net; pen-test@securityfocus.com
>Subject: RE: Converged Network Assessment
>
>I think one of the additional implications here is the realization that VoIP
>and multi-media will introduce new issues to the security community and
>should be factored into risk assessments. Pen tests should be adjusted
>accordingly.
>
>Several simple observations on the convergence impact:
>
>1) first, convergence is going to have a lot to do with integrating VoIP -
>here we should note that general managers are traditionally more concerned
>about voice privacy than email privacy (while most data folks know there's a
>lot of critical information in email, mgmt cares more about confidentiality
>on their voice communications) - this is likely to lead to wide-spread
>encryption of voice traffic which means it's an ideal covert channel since
>filters can't inspect encrypted data flows so look for malicious use of
>encrypted UDP packets
>2) VoIP requires two ports (each is unidirectional) for conversations - some
>firewalls or perimeter defenses talk about pin holes being opened for voice;
>don't you love it - a hole in the perimeter but it's only a pin prick
>3) acceptable, or functional latency is very different for voice and live
>video than for email or browsing; this means that many exploits that might
>cause a delay can actually produce an outage in the converged network
>4) power dependency is an important issue since the phone grid traditionally
>carried its own power and that's not easy to do with VoIP
>5) location awareness is an issue as we see in the FCC battle over E911 for
>VoIP
>6) spoofing of caller ID is made quite trivial in VoIP
>7) Convergence also commonly includes wireless and new client form factors
>like cell phones and hybrid PDAs
>
>These are not all direct issues for a pen test but risk assessment and
>planning should address these and far more.
>
>Each new technology we deploy opens up new vulnerabilities and it's our jobs
>to be in front of these.
>
>Convergence is far more than market hype - it's going to bring lots of new
>vulnerabilities and will require new, enhanced defenses.
>
>And, as I've said to vendors for 30 years "it's got to be taught before it
>will be bought" so it's got to start with education.
>
>
>-----Original Message-----
>From: Bob Radvanovsky [mailto:rsradvan@unixworks.net]
>Sent: Sunday, February 05, 2006 3:12 PM
>To: joseph@cibir.net; pen-test@securityfocus.com
>Subject: Re: Converged Network Assessment
>
>Actually, it could go either way. The latest thing within the IT and
>security industries is "standardization". For the security industries, this
>means converging physical, cyber and policy management security together.
>For the IT industries, this means converging telephone (VoIP), video, and
>networking together.
>
>This makes sense that what they're offering is a complete suite of
>networking assessments for telephony, video and network (data). They're
>taking advantage of the "convergence movement" lately, and utilizing it as a
>method of a one-stop-shopping for assessing ALL technologies under ONE
>quote.
>
>Makes sense, doesn't it?
>
>Bob Radvanovsky, CISM, CIFI, REM, CIPS
>"knowledge squared is information shared"
>rsradvan (at) unixworks.net | infracritical.com | ehealthgrid.com
>(630) 673-7740 | (412) 774-0373 (fax)
>
>
>----- Original Message -----
>From: joseph@cibir.net
>To: pen-test@securityfocus.com
>Subject: Converged Network Assessment
>
>
>> I am a newbie in the field of security, and stumbled across a security company
>> advertising that they conduct Converged Network Assessments.
>> As they describe the assessment focuses on both the voice and the data
>> network, in order to expose any new security holes created by a converged
>> network.
>>
>> The assessment covers:
>> - External Security Assessment
>> - Internal Security Assessment
>> - PBX Assessment
>> - Adjunct Assessment
>> - Wireless Assessment
>> - Bluetooth Assessment
>> - Rogue Modem Assessment
>> - IDS Assessment
>> - SAN's Assessment
>> - VoIP Assessment
>> - Penetration testing
>>
>> So can someone provide me an honest answer to what a Converged Network
>> Assessment is, it sounds like a lot of marketing speak.
>>
>> thx
>>
>
>
>
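
The SIP retransmission problem described in Giancarlo's quoted message above can be checked for in captured traffic. The following is an added example, not part of the original thread: it flags request transactions whose retransmit gaps do not follow the RFC 3261 UDP backoff schedule (T1 = 0.5 s doubling, capped here at T2 = 4 s). The function names, the tolerance value, the addresses and the sample packets are all constructed for illustration.

```python
import re
from collections import defaultdict

T1, T2 = 0.5, 4.0   # RFC 3261 default timers (seconds) for UDP retransmission
TOLERANCE = 0.8     # assumed allowance for jitter and capture timestamp error

def transaction_key(src, msg):
    """A retransmitted request repeats the same top Via branch and CSeq."""
    branch = re.search(r"^Via:.*?;branch=([^;\s]+)", msg, re.M | re.I)
    cseq = re.search(r"^CSeq:\s*(\d+\s+\w+)", msg, re.M | re.I)
    return (src, branch.group(1), cseq.group(1)) if branch and cseq else None

def backs_off(gaps):
    """True if each gap is at least the schedule T1, 2*T1, ... capped at T2."""
    expected = T1
    for gap in gaps:
        if gap < expected * TOLERANCE:
            return False
        expected = min(2 * expected, T2)
    return True

def find_retransmit_storms(packets):
    """Map each non-compliant transaction to its observed retransmit gaps."""
    seen = defaultdict(list)
    for ts, src, msg in packets:
        if msg.startswith("SIP/2.0"):      # skip responses; only requests are tracked
            continue
        key = transaction_key(src, msg)
        if key:
            seen[key].append(ts)
    flagged = {}
    for key, times in seen.items():
        times.sort()
        gaps = [round(b - a, 3) for a, b in zip(times, times[1:])]
        if not backs_off(gaps):
            flagged[key] = gaps
    return flagged

def request(method, host, branch, cseq):
    """Build a minimal constructed SIP request (not a real capture)."""
    return (f"{method} sip:pbx.example.test SIP/2.0\r\n"
            f"Via: SIP/2.0/UDP {host}:5060;branch={branch}\r\n"
            f"Call-ID: {branch}@{host}\r\nCSeq: {cseq} {method}\r\n\r\n")

# Constructed sample: one phone following the schedule, one adapter resending 5x/second.
SAMPLE = [(t, "192.0.2.10", request("INVITE", "192.0.2.10", "z9hG4bKgood1", 1))
          for t in (0.0, 0.5, 1.5, 3.5)]
SAMPLE += [(10.0 + 0.2 * i, "192.0.2.77", request("REGISTER", "192.0.2.77", "z9hG4bKloud7", 42))
           for i in range(5)]

if __name__ == "__main__":
    for (src, branch, cseq), gaps in find_retransmit_storms(SAMPLE).items():
        print(f"{src} {cseq} branch={branch}: gaps {gaps} do not back off")
```

Packets missing from a capture only lengthen the observed gaps, so the check errs toward not flagging a compliant sender.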




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:27 EDT