Archive for March, 2011

March 10, 2011

Cloud Computing World Forum Middle East and Africa in Dubai

I had a chance to attend the conference (09-03-2011). It was rich contented and lot of thought process in different angles. Its benefits, commercials, challenges, security, legal and future. One thing sure the drive is towards cloud, it’s private, public and hybrid. Cloud computing is there the time internet started or the mainframe started. Now the service delivery models changed. Tomorrow this service can call it as different name with some added value or modifications. Discussion of PaaS, IaaS, SaaS was fruitful and given thought of the service model. Cloud model has CAPX and OPX benefits. But it’s depends the maturity of the organization or how the approach is. Couple of challenges related to this region discussed about the connectivity, legal aspects and security. More and more players coming this market with different service design. The concept still to go for more maturity and definitions. Virtualisation, consolidation, thin clients are the couple of components making this journey. Anywhere any time access. Optimization and de-duplication also part in it.

Cloud Computing World Forum Middle East and Africa in Dubai

March 3, 2011

Security Threats In VoIP

Users have been exposed to the risks of sending data over the Internet while at the same time having the expectation that telephone conversations are strictly confidential. Security issues in the data and voice networks are in fact very similar, but completely separate in the minds of most users. Major security concerns of VOIP networks.

• Phreaking
Phreaking is a slang term coined to describe the activity of a subculture of people who study, experiment with, or explore telecommunication systems. This is sometimes called the H/P culture (with H standing for hacking and P standing for phreaking). Through this making calls through another user network, putting cost to that person.
• Eavesdropping
Eavesdropping is how most hackers steal credentials and get important information like business data. Through eavesdropping, a third party can obtain names, password and phone numbers, allowing them to gain control over voicemail, calling plan, call forwarding and billing information.
• Vishing
Vishing is a party calling you faking a trustworthy organization (e.g. your bank) and requesting confidential and often critical information.
• DoS (Denial of Service)
DoS attacks can be carried out by flooding a target with unnecessary SIP call-signaling messages, thereby degrading the service.
• SPIT (Spamming over Internet Telephony)
SPIT attacks consist of sending a voicemail to a person, masquerading it with information from a party trustworthy to the receiver, like a bank or online paying service, making him think he is safe.
• Man-in-the-middle attacks
VoIP is particularly vulnerable to man-in-the-middle attacks, in which the attacker intercepts call-signaling SIP message traffic and masquerades as the calling party to the called party, or vice versa. Once the attacker has gained this position, he can hijack calls via a redirection server.