Издательство Syngress Publishing, 2006. - 592 p.
The business of securing our private data is becoming more important and more relevant each day. The benefits of electronic communication come with proportionate risks. Critical business systems can be and are compromised regularly, and are used for illegal purposes. There are many instances of this: Seisint (Lexis-Nexis research), Choicepoint, Bank of America, PayMaxx, DSW Shoe Warehouses, Ameriprise, and T-Mobile are all recent examples.
Victims of personal data security breaches are showing their displeasure by terminating relationships with the companies that maintained their data, according to a new national survey sponsored by global law firm White & Case. The independent survey of nearly 10,000 adults, conducted by the respected privacy research organization Ponemon Institute, reveals that nearly 20 percent of respondents say they have terminated a relationship with a company after being notified of a security breach.
Companies lose customers when a breach occurs. Of the people we surveyed who received notifications, 19 percent said that they have ended their relationship with the company after they learned that their personal information had been compromised due to security breach. A whopping 40 percent say that they are thinking about terminating their relationship, said Larry Ponemon, founder and head of the Ponemon Institute.
The practice of information security has become more complex than ever. By Gartner’s estimates, one in five companies has a wireless LAN that the CIO doesn’t know about, and 60 percent of WLANs don’t have their basic security functions enabled. Organizations that interconnect with partners are beginning to take into account the security environment of those partners. For the unprepared, security breaches and lapses are beginning to attract lawsuits. It’s going to be the next asbestos, predicts one observer.
The daily challenges a business faces—new staff, less staff, more networked applications, more business partner connections, and an even more hostile Internet environment— should not be allowed to create more opportunities for intruders. The fact is, all aspects of commerce are perilous, and professional security administrators realize that no significant gain is possible without accepting significant risk. The goal is to intelligently, and economically, balance these risks.
This book is based on the premise that in order to secure VoIP systems and applications, you must first understand them. In addition, efficient and economical deployment of security controls requires that you understand those controls, their limitations, and their interactions with one another and other components that constitute the VoIP and supporting infrastructure.
Introduction to VoIP Security
Asterisk Configuration and Features
The Hardware Infrastructure
PSTN Architecture
H.323 Architecture
SIP Architecture
Other VoIP Communication Architectures
Support Protocols
Threats to VoIP Communications Systems
Validate Existing Security Infrastructure
Confirm User Identity
Active Security Monitoring
Logically Segregate Network Traffic
IETF Encryption Solutions for VoIP
Regulatory Compliance
The IP Multimedia Subsystem: True Converged Communications
Recommendations