Title: Unified Communications Threat Management (UCTM)
1. Unified Communications Threat Management (UCTM)
- The Dark Side of SOA Solutions
- Roger Toennis
- Redshift Networks Inc.
- Sr. Director of Product Management
2. SOA Unified Communications Deployments
SOA 18.2 billion in 2012
IP PBX 12 billion in 2011
UNIFIED COMMUNICATIONS 18 billion in 2011
200k to 300K IP Phones
Mobility
Deployment of 45K UC Cisco IP Phones
Customer Contact
Conference
Deployment of 10K UC Cisco IP Phones
IP PBX
Source: Synergy, Datamonitor, Wainhouse, Ovum, Cisco, Avaya
180K IP Phones
3. The Hype Cycle Defined (Gartner)
Trigger
SOCIALIZATION DELIVERY
4. Hype Cycle for Enterprise Communications Apps
5. The Network Complexity Threat
Internal and External Complexity is the Biggest Threat
6. The Expanding Exposure/Threat Landscape
Database Server Farm
Presence/UC Server Farm
Email Server Farm
Web Server Farm
Enterprise C
Enterprise B
IP PBX Server Farm
Mainframes
IPS-DPI
Anti-SPAM
DB Firewall
Enterprise Service Provider
BYOB Broadband
Voice Everywhere!!!
WiFi
Dual-Mode
SOHO/Remote
7. Evolution to Converged Communications
Converged Communications
Weak Security
- Rich multimodal user experience
- Dynamic applications
- Communications Enabled Business Process (CEBP)
- Built on converged networks
- High Exposure
High Asset Exposures
Converged Networks
- Integrated voice, video
- Data applications
- Distributed apps
- Hybrid networks (TDM, VOIP)
- Unified Communications (UC)
- Medium Exposure
Medium Security
Traditional
Medium Asset Exposures
- Separate voice, video
- Data networks
- Isolated networks
- Low Exposure
Strong Security
Low Asset Exposures
Modular Systems
Distributed Software and Systems
Integrated
8. Communications Enabled Business Process (CEBP)
Server/Solution Integration New/Unknown Threat Potential
9. Evolving New Pain Points Emerge - VOIP Threats
[Figure: VoIP threat scenarios. Threat labels: VPhishing, VDOS, SPIT, Fake IP PBX, Number Harvesting, Eavesdropping, Toll Fraud. Other labels: IP PBX; Unified Messaging / PBX; Banks IP PBX; High-Tech company; East/West banks; Major hospital; NASA / NTT; FBI; Advertisement; Customers Account Number PIN; Buy 10,000,000; Buy 100,000,000; 40 billion loss; London, Tokyo, Delhi.]
10. VOIP and UC Threats
- Security threats to networks in general are increasing year over year (CERT Vulnerability Stats)
- VOIP, UC and CEBP applications present several hundred additional threat vectors
- Security awareness within IP telephony is lagging behind traditional data in general
11. VOIP/UC Attacks Timeline
GARTNER (2007): Enterprises that don't spend on IP Telephony Security today will end up spending 20% of their Security Operations Budget on it in 2011. Enterprises that are proactive in nature will only spend 5% of IP Telephony Security
[Figure: attack timeline, 1995 to 2010. Axis bands: Layer 1-4 (Infrastructure), Layer 5-7 (Application). Labels: Virus; Worms; Trojans; Spyware; SPAM; BotNet; UC attacks; Code Red 2.6B Loss; Slammer 2B Loss; Loveletter 8B Loss; 2005 22B loss - SPAM; VOIP Toll Fraud; VOIP Data to Voice; VOIP Vmail Spoof; VOIP SPIT; VOIP Phishing; Blackhat Announces Vulnerability; Microsoft Announces Vulnerability; Cisco, Blackhat announce VOIP vulnerabilities; NASA Utility; Pena - 1M, Stealth - 26M, Panama - 100K; Bank of America, St. Barbara Bank, East Coast Bank.]
12. Current Solutions are Lacking!!
[Figure: attack classes by protocol, with repeated "Unprotected" markers. Protocols: IP/UDP/TCP; SMTP; HTTP; SIP, SCCP, H323, RTP. Labels: ICMP/IP Anomaly; Anomalies; TCP Protocol Anomalies; SIP/RTP; Exposed Ports; Weak Permissions; Email SPAM; Voice SPAM (SPIT); ICMP Floods; TCP/SYN Flood; SIP, RTP, TLS Floods; Brute Force Attacks; Worms; Viruses; Malware; Buffer Overflows; Registration Hijacking; Toll Fraud; Call Forwarding; Impersonation; Spoofing; Session Tear Down; Collaboration; Illegal Media Injection, Redirection, Mixing; 1000s of Other Attacks.]
13. Emerging Awareness of VoIP/UC Vulnerabilities
- GARTNER (2007)
- Enterprises that don't spend on IP Telephony Security today will end up spending 20% of their Security Operations Budget on it in 2011.
- Enterprises that are proactive in nature will only spend 5% of IP Telephony Security
Yankee Group
14. Visibility and Control of Multiple Enterprise Domains
Enterprise C
Enterprise B
IP PBX,
Database Server Farm
Email Server Farm
Web Server Farm
Desktop VLAN
DB Firewall
Service Provider
Anti-SPAM
IPS-DPI
Microsoft OCS
VoIP VLAN
IP PBX,
Presence
UMA/GSM WiFi/WiMax
WiFi
IP PBX/Presence/UM Server Farm
Enterprise A
Dual-Mode
Dual-Mode
15. IT Needs Better "Visibility" and "Control" at the
- Corporate Network Edge
- WAN Mobility/Home Office/Branch Office/SIP trunking
- Corporate Wireless Network Edge
- Campus/Inbuilding WiFi-DECT
- VoIP Server DMZ
- Critical Reliability Voice Assets
- PBX/Conference Bridges/IP Phones
- UC "Desktop/Server" Integrations
- Next generation Desktop UC solutions (OCS/IBM Lotus/Etc)
- CEBP "Server to Server" and Server to Hosted Service Integrations.
- Voice Enabled Oracle/SAP, Voice Enabled Salesforce.com
- Voice Alerts for Supply Chain, Converged B2B Federations, etc.