
Multimedia vulns pose severe risk

This could get messy


Numerous VoIP and video conferencing products are subject to serious security vulnerabilities because of widespread flaws in the implementation of a key multimedia protocol, according to an advisory by security clearing house CERT published yesterday.

The issue revolves around faulty implementations of H.323, the multimedia telephony protocol, affecting a wide variety of networking kit including VoIP and video conferencing gear, media gateways and Session Initiation Protocol (SIP) devices and software. The products of numerous vendors, including Cisco, Microsoft and Nortel, are affected. H.323 is an international standard protocol used to facilitate communication among telephony and multimedia systems.

The flaws came to light as a result of testing by the U.K. National Infrastructure Security Co-ordination Centre (NISCC), which has produced an advisory.

Exploitation of the vulnerabilities could be used to crash networking devices or run malicious code, CERT warns.

CERT's advisory contains a fuller list of vendors whose technologies may be affected by the vulnerabilities. Vendors are in the process of releasing patches, which users are urged to review as quickly as possible. As a workaround, sysadmins are advised to apply filters to block access to the H.323 services at the network gateway.

This process is complicated because firewalls process H.323 packets and could themselves be vulnerable to attack. For this reason, users might want to disable application layer inspection of H.323 network packets until fixes are available.

CERT warns: "protecting your infrastructure against these vulnerabilities may require careful coordination among application, computer, network, and telephony administrators. You may have to make trade-offs between security and functionality until vulnerable products can be updated."
