Tuesday, October 13, 2009

New Threat to Voip Industry - SPIT

VoIP Spam Is Called SPIT

As if an inbox jam-packed with email ads for organ-enlargement and weight-loss products was not bad enough, now VoIP users can look forward to becoming a brand-new target. Slowly but surely, spammers are adding SPIT (SPam over Internet Telephony) to their bags of tricks. Warned Terrence Brewton, a Frost & Sullivan market analyst, “SPIT is an evolving threat that will come on par with the prevalence of spam, all because of the VoIP products we’re now seeing in homes and the commercial marketplace.”

More than simply an annoyance, SPIT’s real-time impact on a network “ ... creates business risks because it opens up companies to denial-of-service attacks like any other IP-based system,” said Brewton. What’s more, SPIT can consume bandwidth, thereby diminishing call quality and reducing employee productivity.

While it’s true that SPIT is still quite rare, VoIP’s growing popularity is certain to make its presence more widespread. Fortunately, there are steps that companies can take to combat SPIT.

Filtering: According to Brewton, “The best course of action for any IT manager who is trying to protect his VoIP system is to buy filtering technology and keep up with patch management.” But while VoIP providers can help filter out obvious SPIT before it traverses a network, there is always a risk of false positives — legitimate traffic or large-scale message transmissions that are accidentally flagged as SPIT and prevented from reaching employees.

Firewalls: A VoIP firewall is an application driven by a security policy that defines whether to allow or deny certain calls. Administrators set policies through GUIs similar to those found in traditional data firewalls. A first line of defense against numerous threats, this technology detects and blocks VoIP DoS (denial-of-service) attacks, SIP attacks, toll fraud, virus infections and SPIT.

VoIP SEAL: NEC Corp.’s VoIP SEAL is a new tool that targets calls originating from spam-generating software and ill-intentioned humans. SPIT is detected and blocked based on communication patterns observed during the call. If a spam-related call comes in, VoIP SEAL will prevent the phone from ringing.

Voice Recognition: Microsoft has developed V-Priorities, a system for automatically screening phone calls. The technology works by analyzing characteristics of a caller's voice and word usage to figure out how urgent a call is and whether the caller is a friend, a family member, a colleague or a stranger.

Although the aforementioned security options are effective SPIT countermeasures, they also present drawbacks. “Any time you try to run any type of packet through any kind of filter, it’s going to slow down network processes. That’s because VoIP is a very sensitive piece of technology,” said Brewton. Such latency issues can lead to reduced quality of service and customer frustration.

Nor is there a panacea for SPIT. Even the brightest and best-prepared IT managers can be a step behind hackers. Said Brewton, “Everything changes at the speed of light on the Internet. Spammers are changing their tactics constantly because they’re trying to make money like anybody else. So by the time you’ve figured out what they’re doing, they’ve gone on to the next attack. That’s the one thing people really have to remember about security; we’re always fighting yesterday’s attack.”

Further complicating matters is the fact that the savings accrued through a VoIP network can be somewhat offset by having to invest in the appropriate security technologies. In the end, said Brewton, companies need to weigh what they stand to gain — and possibly lose to SPIT — by deploying a VoIP network. “With any technology,” said Brewton, “you really need to take pause and ask yourself, ‘Do I really need to deploy this? Is this going to be cost-effective? What is going to be my total cost of ownership for purchasing such a new technology?’”

www.astnext.com is dealing in Anti SPIT solutions to tackle this