SIP and Open Standards Featured Article
January 11, 2008
Security Threats in SIP, VoIP Environments
By Rich Tehrani
Sipera Systems provides enterprises and service providers with VoIP/Unified Communications security solutions designed to protect, control and enable real-time unified communications. The Sipera IPCS products combine VPN, Firewall/SBC, Intrusion Prevention, Anti-Spam, Compliance and Troubleshooting functionality for VoIP systems in a single device. Sipera also hosts the Sipera VIPER Lab, which concentrates its efforts towards identifying VoIP vulnerabilities, while Sipera LAVA tools verify networks’ readiness to resist attacks.
Eric Winsborrow is CMO at Sipera. He was kind enough to respond to several questions I posed regarding trends in IP communications and what technologies are driving the market ahead.
RT: What trends are you noticing in the communications market?
EW: Enterprises are moving beyond the traditional deployment of IP Telephony, originally as a cost-effective replacement to basic TDM, to advanced Unified Communications that extend beyond the enterprise to workers at home or other remote locations, and to partners and suppliers. With this move comes greater adoption of the SIP protocol beyond traditional proprietary VoIP protocols such as H.323.
That opens up risks that were not traditionally seen in VoIP deployments. The extension of Unified Communications/VoIP beyond the enterprise perimeter, and the adoption of a more open and flexible but vulnerable protocol such as SIP, is creating a balancing act with enterprises between the benefits of anywhere, anytime live communications with the increased security risks that come along with it.
RT: What technologies have altered the market the most?
EW: SIP and SIP trunking technologies, which, for all the benefits, also expose enterprises to SIP protocol vulnerabilities, along with the additional risk of opening up the enterprise to whatever is coming in from the service provider network, or, more importantly, other untrusted networks. Enterprises shouldn’t assume that service provider networks are risk free, and should deploy their own risk mitigation measures as they seek the benefits of SIP and SIP trunking.
We’d also cite dual-mode and smart phone technologies that likewise expose enterprise networks to additional security threats whenever telecommunications are connected to the Internet.
EW: Skype has shown the world that VoIP can be a convenient and cost-effective communications solution, not just for consumers, but for business users as well. Microsoft OCS, and other providers of user-based unified communications solutions, will benefit from the pioneering efforts of Skype.
RT: How will Apple, Google and Microsoft each change the telecom space?
EW: Each of these companies will change the telecom space in a positive way by bringing their innovations to market and providing more choice for end users.
For Apple, the iPhone is activated by iTunes instead of AT&T, which is very interesting because service providers traditionally owned this. Further, Apple’s Web browser on a phone, and YouTube, GoogleMaps, and documents on a phone, are all great innovations.
Google’s Android open platform phone, with third-party apps, will lead to further innovation and newer apps, truly exploiting the power of the smart phones.
And Microsoft, with its OCS platform, is delivering unified communications for traditional PBX, with seamless desktop integration.
All of these trends demonstrate that unlike traditional communications, which used to be proprietary and closed, communications systems are now increasingly open. The benefits (and risks) associated with opening up the Internet on the data networking side are now poised to be experienced in real time communications with VoIP, Internet video and other communications services. As Microsoft, Apple, Google and others enter the unified communications arena, both consumer and enterprise users will see an explosion of communications and productivity enhancements. Like the open data networking revolution, though, there will be associated security risks that come with these benefits.
RT: What are the brightest spots in your business going forward?
EW: All of the trends mentioned above reflect a marketplace recognizing that it is important to adopt secure unified communications solutions. Unified communications are becoming more mainstream, and Sipera will benefit from the natural growth of this market.
Sipera is also being recognized for its leadership in VoIP/Unified Communications security, and just as security is becoming table stakes for data networking, so too will security be an expected part of any unified communications solution.
RT: What are the biggest threats you see to your company’s success?
EW: Lack of SIP adoption is a threat to Sipera’s continued success. While the market recognizes that SIP will be the protocol for unified communications, because of its openness and extensibility, the rate of SIP adoption impacts Sipera’s growth. It isn’t a matter of “if” SIP will be the standard, but “when.” Whenever that occurs, however, Sipera is well positioned.
At the same time, the market can sometimes forecast through its rear-view mirror, in terms of anticipating the risks of VoIP/UC threats, and may not prioritize security accordingly. Original deployments of VoIP were with proprietary protocols, in a closed Voice LAN environment, so threats were limited to toll fraud and isolated denial of service attacks. With the extension of VoIP beyond the enterprise perimeter, and the adoption of a more vulnerable open SIP standard, enterprises deploying unified communications may not recognize quickly enough that risk management for VoIP should dramatically increase.
EW: In the panels that Sipera is involved in at ITEXPO, conferees will learn about security best practices for enterprises deploying VoIP, WiFi/dual-mode phones and other UC applications, such as encrypting signaling and media traffic to ensure privacy, authenticating phones and users, updating security patches, handling firewall/NAT traversal issues, policing the bridges between VLANs and the connections to the Internet, etc.
Sipera will also review general SIP vulnerabilities and specific VoIP/UC threats including: Reconnaissance, Wiretapping, Spoofing, Denial-of-Service Attacks, Unwanted Reboots, Replay Attacks and more.
RT: Who should attend?
EW: This Sipera session will be of most use to CIOs, CSOs, IT managers, and voice architects looking to deploy VoIP or unified communications in the future. It is also ideal for service providers looking to extend their offerings to WiFi/dual-mode phones.
RT: What unique perspectives will you offer?
EW: Sipera’s unique perspective is that we know VoIP attacks are happening today. These threats are even being publicized in the media, so you can rest assured even more are happening yet go unreported.
In addition, Sipera offers the unique perspective of its VIPER Lab, which has published several threat advisories for soft phones, IP phones, and WiFi/dual-mode phones, and demonstrated an alarming enterprise VoIP-to-data exploit which allows hackers to take control of, delete and steal data from laptops using an enterprise VoIP software client.
RT: What is the most exciting market change we can expect in communications in technology in 2008 and beyond?
EW: One of the most exciting market changes in 2008 will be the use of presence technology, expanding from the boundaries of instant messaging and including other communication modes such as mobile phones, hard phones at work and office, soft phones, etc. Further, presence will go beyond whether one is online to also include geographical location (via GPS), On Call, In Meeting, and In Car. The major challenge here will be understanding and managing privacy and security in this context based on domains, user groups, device, etc.
RT: Please make one surprising prediction for 2008.
EW: Integration of voice with data services will start a new breed of blended attacks, causing wide security breaches and data thefts, exploiting VoIP devices, soft clients, and protocols.
Rich Tehrani is President and Group Editor in Chief at TMC. In addition he is the Chairman of the world’s best attended IP Communications event, Internet Telephony Conference & EXPO.