Rothstein Associates Inc. Business Survival ™ Weblog

• Rothstein.com
• Home
• About
• Contact
• Resources
• Services
• Sitemap

• Popular Categories
• Vital Records
• Testing
• Templates
• survey
• Standards
• Special Offers
• Service Level Agreements (SLAs)
• Root Cause Analysis
• Risk Management
• Pandemics

• Profile

  • Register
  • Log in
  • Entries RSS
  • [Un]Subscribe to Posts
• Global Disaster Alert

  • Green earthquake alert (magnitude 6M and depth 21.7km) in Vanuatu 03/02/2012 03:46 UTC, About 3000 people within 100km.
  • Green earthquake alert (magnitude 7.1M and depth 23.1km) in Vanuatu 02/02/2012 13:34 UTC, No people within 100km.
  • Green alert for tropical cyclone IGGY-12. Population affected by Category 1 (120 km/h) wind speeds or higher is 0. with wind speeds Tropical Depression (maximum wind speed of 120 km/h) of hurricane strength or stronger.
  • Orange earthquake alert (magnitude 6.3M and depth 39.2km) in Peru 30/01/2012 05:11 UTC, 600000 people within 100km.
• Business Survival ™ News

  • Business continuity and disaster recovery for SMBs - ComputerworldUK
  • Lewisboro Reconfigures Emergency Management Team - The Daily Lewisboro
  • Emergency Management: New Master's Degree Program Offered - Hartford Courant
  • Disaster Recovery in the Cloud: Developing a Plan for Success - Virtualization Review
  • Calif. Gov. Brown Announces Appointments to California Emergency Management Agency - California Newswire
  • SMBs Are Losing Confidence in IT Disaster Recovery Systems: Survey Results - eWeek
  • National Data Center Service Provider, CoreLink Data Centers, and Technology ... - MarketWatch (press release)
  • Mississippi Emergency Management Agency Warns to Prepare for an Earthquake - LoanSafe
  • Q&A: Disaster recovery when your business sits on the San Andreas Fault - FierceCIO
  • Disaster Recovery Centers to close Feb. 11 - Fredericksburg.com (blog)

• Business Continuity/Disaster Recovery Bookstore Bestsellers

  Emergency Management Exercises: From Response to Recovery Special
  Exercises are a mainstay in the field of emergency management and business continuity planning. Although many companies conduct exercises, and the organizers may be emergency response subject matter experts, they do not excel in the discipline of designing and conducting the actual exercise – which means they simply don’t get the best results out of their effort. More...

  Business Continuity and Risk Management
  The First Ever College Textbook on Business Continuity and Risk Management — also a great reference source and self-study guide for business continuity practitioners and novices! More...

  Principles and Practice of Business Continuity
  This new book explores the subject of Business Continuity Management: from basic principles to best practices. More...

  Facility Emergency Management DVD-based training
  Facility Emergency Management is a brand new DVD-based Training Program PLUS a resource CD-ROM intended to help small and medium size organizations create facility action plans and institute emergency procedures in order to protect workers, customers, visitors and the nearby community from the effects of an incident, whether it begins inside or outside the facility. More...

  Disaster Recovery Testing
  Untested contingency / recovery plans are of little value. Testing is far more than finding holes in the plan: it confirms the underlying assumptions are workable; it can also be a valuable training tool. More...

  Manufacturing, Distribution Business Continuity
  A new Business Continuity template specifically designed for manufacturing or distribution businesses with 1,150+ pages on CD-ROM. More...
• Archives

  • February 2012 (6)
  • January 2012 (22)
  • December 2011 (22)
  • November 2011 (9)
  • October 2011 (24)
  • September 2011 (22)
  • August 2011 (7)
  • July 2011 (12)
  • June 2011 (9)
  • May 2011 (9)
  • April 2011 (1)
  • March 2011 (17)
  • February 2011 (10)
  • January 2011 (23)
  • December 2010 (10)
  • November 2010 (22)
  • October 2010 (17)
  • September 2010 (31)
  • August 2010 (22)
  • July 2010 (32)
  • June 2010 (41)
  • May 2010 (31)
  • April 2010 (21)
  • March 2010 (42)
  • February 2010 (47)
  • January 2010 (41)
  • December 2009 (48)
  • November 2009 (27)
  • October 2009 (17)
  • September 2009 (37)
  • August 2009 (48)
  • July 2009 (32)
  • June 2009 (39)
  • May 2009 (38)
  • April 2009 (47)
  • March 2009 (51)
  • February 2009 (43)
  • January 2009 (61)
  • December 2008 (36)
  • November 2008 (38)
  • October 2008 (39)
  • September 2008 (27)
  • August 2008 (44)
  • July 2008 (13)
  • June 2008 (6)
  • October 200 (1)
• Affiliates

  • Contingency Planning and Management
  • Continuity Central
  • Disaster Recovery Journal
  • Disaster-Resource.com
  • Kevin's SpyBusters Security Scrapbook
  • Peter H. Gregory
  • Rothstein Catalog on Disaster Recovery
  • Rothstein Catalog on Service Level Books
  • ZDNet Asia: BCP Confidential By Nathaniel Forbes
• Tags

  bci BCM BIA BS25999 budget Business Continuity Business Continuity Institute Business Continuity Management Business continuity standards business impact assessment case study cloud computing crisis communication crisis management cybersecurity data center data center disaster recovery DHS disaster preparedness Disaster Recovery disaster recovery testing education emergency management emergency preparedness Emergency Response Events exercise FEMA homeland security I.T. DIsaster Recovery information security InfoSecurity international pandemic planning Risk Management security small business SME Standards supply chain survey Surveys test Testing Training

Voice over IP Software Risk Alert

• Leave a Comment
• One Comment
• Main Article

Written by Paul Kirvan on December 18, 2008 in InfoSecurity.

Fortify Software recently warned companies using Voice over IP (VoIP) private branch exchange (PBX) software to be aware that the complex program code involved with Internet telephony can make such systems vulnerable to hacker attacks.  The company’s warning comes after the FBI announced that users of Asterisk VoIP PBX software should upgrade to the latest edition of the package to avoid a security flaw that lets hackers dial into their telephone systems.

According to Fortify, the problem facing small business users of VoIP systems is that although the PBX is hooked up to the regular telephone network and a company’s broadband Internet connection, most firms’ IT security resources do not extend their complete protective envelope around the PBX platform.  This means that VoIP users who think their telephone system is covered by, for example, a firewall application, could wake up with a nasty surprise on the phone bill front, after their PBX system has been compromised.

Fortify added that many VoIP applications are either open source, freeware or shareware, meaning they have not usually undergone code auditing and program vulnerability analysis.  That’s not to say that such software is not capable of performing the required function.  Firms need to be aware of the risks involved.

In Asterisk’s case, for example, a number of vendors have installed the PBX software on a specialist diskless server that not only increases security levels, but also boosts reliability and call quality.  This is clearly a step forward, and may be an option for any company worried about their VoIP system security.

Be Sociable, Share!

• 

• Tweet

Tags: Business Continuity, Disaster Recovery, network security, Telecommunications, Voice over IP

Contact Us | The Rothstein Catalog on Disaster Recovery | The Rothstein Catalog on Service Level Books Original Feature Articles | Disaster Recovery Forum | Today's Industry News | Links to Industry Web Sites Management Consulting Services | Business Survival ™ Newsletter Business Survival ™ Weblog (New!) ‘Keep Me Posted’ | Privacy Policy | Site Map | RSS Feed

Created by PDQ Web and sweetened with a modified version of Nick Berlette's Chocolate Theme.