09:55 AM
Melanie Turek

Security and Unified Communications: How Vulnerable Are You?

Recently, Cisco announced that Cisco Unified CallManager (CUCM) and Cisco Unified Presence Server (CUPS) are vulnerable to attack. CUCM can be made to crash via attack traffic aimed at particular ports. Both CUCM and CUPS can be flooded with ICMP Echo Requests; the resultant barrage of pings could effectively crash the servers.

CallManager servers are used to process VoIP calls—taking them down would have significant impact on a company’s ability to communicate. And even if affected servers were only to lose select feature capabilities, as is more likely with the ping-flood threat, there would still be significant loss in end-user productivity (both because users couldn’t access those features, and as they start a flood of their own by pinging tech support to find out what the heck is going on).

I must say, neither vulnerability surprises me—indeed, I expect to see many more such problems in the months and years to come, as companies double down on their VoIP and UC deployments. That, of course, could pose a significant problem for IT managers, who now have to worry about securing all their communications applications on an IP network, and from multiple types of attacks. If you think e-mail viruses and spam are bad…

Indeed, if you thought network security was important before, you better bet it’s even more critical today. When a company’s entire communications infrastructure (voice, chat, presence, video and collaboration) runs on a single IP network, the point of failure is large and enticing. No wonder Interop feels like a security show these days, rather than a networking one (hey—just check out the list of exhibitors to see what I mean).

There’s another security issue to worry about, too: compliance. Today, most companies are taking proactive measures to log and archive e-mail messages, and at least those in regulated industries do the same for IM (other companies should, too, but they don’t). But what about Web conferencing or collaboration sessions? Wikis? How about all those voice calls that are, effectively, just a bunch of data packets traveling across the network? Do they need to be logged and archived as well?

The answers aren’t clear—the typical response I get from IT executives when I ask that is “I sure hope not!”—but the questions are valid. Are you prepared?
