30 September 2009

Proactive Defense for VoIP and Unified Communications in Financial Services Firms

sponsored by IPC Systems, Inc.


As financial firms move to VoIP and unified communications, security managers are tasked with locking down another portion of the network infrastructure. This video offers a short primer on VoIP and an attackers’ objective, as well as the typical types of attacks including:

  • Denial-of-service (DoS) attacks
  • Eavesdropping/man-in-the-middle attacks
  • Replay and cut-and-paste attacks
  • Call and registration hijacking, among others

This video also covers setting appropriate policies and security measures to endpoints, access, network elements, servers, operations and management systems. Additionally it includes best practices for functions such as segmenting IPT and soft phones on separate LAN segments, constraining country codes to prevent certain exploits, mitigating rogue devices, and authenticating endpoints with strong credentials before associating SIP.