Look in the mirror: those bags under your eyes, that sallow skin, the haunted look. You must work in IT. Between keeping the network running and dealing with hackers, slackers, and clueless managers, it's a wonder you get any rest at all.
But if you think you're losing sleep now, just wait. A batch of new problems is about to make a good night's sleep even more elusive. Nightmare scenarios include VoIP security breaches, scary data leaks, rogue software infestations, configuration calamities, and creepy compliance concerns. By all accounts, there's good cause to sleep with one eye open.
Things That Go VoIP in the Night
In November 2004, Edwin Andres Pena allegedly paid suspected computer hacker Robert Moore $20,000 to steal more than 10 million minutes of VoIP telephone service so Pena could resell them to unsuspecting customers. But the hacker didn't attack Vonage or any of the second-tier VoIP providers. He went after an investment firm in Rye Brook, N.Y., which had no clue its network had been hacked.
As enterprises increasingly replace segments of their traditional phone systems with VoIP, they put themselves at risk for what Covergence CTO Ken Kuenzel calls "phone flu" -- attacks that target weaknesses in the Session Initiation Protocol that VoIP applications employ.
"The problem is we've not yet applied the same security principles and models to the SIP protocol that we have to HTTP and SMTP," says Kuenzel, whose company sells VoIP security solutions. "It's a situation where systems are vulnerable to all sorts of attacks and intrusion."
Click for larger view.
"With VoIP, it's significantly easier to disrupt communications from remote locations," says Richard Telljohann, manager of security software at IBM Tivoli. "The same worm that takes out your e-mail system can also take out your phones."
WorldxChange, a New Zealand VoIP provider, uses Covergence's Eclipse software to secure VoIP service for its commercial and residential customers. Many IT pros fail to take into account the complexity of VoIP deployments, says Phillip Moore, operations manager for WorldxChange. He says they don't pay enough attention to signaling and media security, port restrictions, firewall rules, account access, and provisioning information.
"If IT managers want to sleep better at night, they need to apply the same security practices to voice that they have to e-mail and Web traffic," Kuenzel says. "They know what to do and how to do it, they just need to deploy products that bring these new apps in line with their tried-and-true security models."
The Data Leak Under the Bed