ISSA Ottawa Chapter Event

VoIP Security: VoIP Is Not Data

Many firms are moving to hosted, managed, or self-provided VoIP services because it is an effective way to reduce their costs and provides additional services and capabilities with little overhead.

Unfortunately, during the planning and implementation phases, organizations often make the mistake of treating VoIP as just another data flow. The result is that the unique security requirements and issues associated with this real-time communications system are not exposed or mitigated. Unless VoIP services are properly implemented, organizations leave themselves vulnerable to attacks that can compromise the security of their communications and erode customer confidence.

Therefore, it is critical that businesses consider the risks specific to VoIP and architect their solution to include appropriate mitigation strategies prior to implementation.

This presentation will:

  • Provide an overview of VoIP from a security practitioner perspective
  • Discuss VoIP’s unique architectural constructs
  • Outline some of VoIP’s threat and risk considerations such as:
    • Denial of Service
    • Interception
    • Management Plane Attacks
    • SIP Registration Hijacking
    • Spam over Internet telephony (SPIT)
    • SPIM (SPAM over Instant Messaging)
    • Spoofing
    • Theft of Service
    • Vishing
  • Provide recommended best practices for VoIP implementation

Speaker: Lawrence Dobranski, CISSP-ISSAP, CISM, CSSLP

Lawrence Dobranski is the founder of Catalone IT Security Inc. He is a senior security leader, principal security architect and technologist with over 25 years experience in information security, working in industry, professional services, and government. He has acknowledged expertise in information security leadership, architecture, VoIP security, application security, agile security and security in the software lifecycle. He has taught, lectured, written and blogged extensively on information security.

Lawrence is a part-time faculty member at Algonquin College in Ottawa, Ontario, where he teaches IT Security courses as part of the Computer Studies Department, where he draws on his in depth, hands-on experience, and knowledge of information security. As well, he is currently working towards an MBA in Information Security Management (Jones International University) and simultaneously, a DSc in Information Assurance (University of Fairfax). His DSc research interests are in re-useable software security components as part of product platforms. Lawrence holds three information security patents.

DATE:
Thursday, September 30, 2010
TIME:
11:45 am to 1:00 pm (registration is from 11:45 am to noon)
WHERE:
Novotel, 33 Nicholas Street, Ottawa Tel: (613) 230-3033 Directions
COST:
$25 for ISSA Members, $30 for Non-Members (includes lunch)
PAYMENT:
Cash, Cheque or MasterCard (MC only) at the door please.
TO REGISTER:
E-mail registration@issa-ottawa.ca with the following information:
Event Title, Name, Telephone, E-Mail, Member Status and Number (if applicable), Special Dietary Requirements

Seating is limited so register early!

Please note: Substitutions are permitted, however, non-members will not be granted member prices. Alternatively you may cancel your registration by e-mail up to 3 days before the event. When you register, please understand that a meal has been ordered for you and the ISSA Ottawa Chapter is responsible for paying for it regardless of whether you attend or not.

For information on future events, see our Events page.

  

Did You Know?
The Ottawa Chapter of ISSA has its own LinkedIn group. You can use it to post an interesting article, read announcements or to network with your fellow members. If you are a member of LinkedIn, feel free to join.

Did You Know?
You can earn up to 40 CPE credits towards your (ISC)2® certification per year of service on the Ottawa ISSA Chapter Board.

You can also earn CPE credits for every ISSA event that you attend.