Top Security
December 2005 Issue As we were pulling together the three security-related articles for this month’s issue, a press release from a sister publication, Broadband Business Forecast, caught our attention. In an investigative story released in early November, BBF Editor Stuart Zipper uncovered a major security attack on a VoIP enterprise telephony system. Hackers had evidently figured out a way to “zero out” cost codes and thus steal long-distance service. The declining cost structures of telephone service may well have diminished the motivation for such theft and thereby reduced security threats. At least that’s something that Jim Barthold heard during the course of researching his story for this issue. But Zipper’s investigation proves that threats exist and suggest that Barthold is correct in arguing why they will persist. “It’s not to save money,” he wrote in an e-mail. “It’s just for the hell of stealing service and proving that you can do it!” For more technical discussions of how to lock down cable’s voice and data networks, see the articles from Cisco Systems’ Mark Millet and tComLabs’ Wim De Ketelaere and Luc Martens. Bottom line: Threat reduction begins by using existing techniques, such as disabling dynamic service flows; but it doesn’t end there. On another note, for answers to all the questions on policy-based networking you didn’t realize you needed to ask, read Jason Schnitzer’s primer on the topic. Let us or him know if you have more. Jonathan Tombes
Editor
jtombes@accessintel.com