Avoiding VoIP hacks
Manager and Friend; Root and Calvin; Admin and 1234 (or 12345). And finally, as a dead giveaway as to what I’m on about here, Netgear1.
Yes siree, these are all device default login names and passwords for IT-related appliances currently within my line of sight. I’m actually rather tempted to award a scout badge to the first reader of this column who can write in and match passwords to devices, but as will shortly become clear, the secret nature of this knowledge forms the crux of my argument.
I’ll only reveal that the first is an Allied Telesis Layer 3 super-switch; the second is the Enterprise iDRAC6 in a Dell R610; then there’s a fossil DrayTek Ethernet-to-Ethernet cable router; and lastly, a rather later ZyXEL.
The deep and dark “technical” process by which the Bad Guys operated was no cleverer than exploiting the fact that most people never change their default voicemail PIN
I’m sure you can guess where I’m headed with all this, because pretty much the entirety of the British media has turned cannibal over the course of this summer on the subject of “hacking”.
Here at PC Pro we tried to inject a tiny bit of sanity into the proceedings by pointing out that the deep and dark “technical” process by which the Bad Guys operated was no cleverer than exploiting the fact that most people never change their default voicemail PIN – in direct contradiction of the basic instructions included in the little fold-out pamphlet supplied with every phone I’ve ever bought. But what’s the connection with network management, you ask?
The fact that networks are designed, managed and used by people would be my first answer. My second answer is that TCP/IP protocols (and hence networking) are increasingly being incorporated into systems that traditionally haven’t been exposed to any kind of computing security vulnerabilities.
Five or ten years ago, it wasn’t very likely that your door locks and CCTV cameras would share a wire with your Word documents, nor that your phone calls were contending with your web-surfing. Nowadays, however, this is becoming more prevalent, creeping into our business lives from two opposite directions.
Five or ten years ago, it wasn’t very likely that your door locks would share a wire with your Word documents
I’m making that observation for a good reason, because these two directions are also sources of outside information that commonly cause much aggravation, furrowed brows, angst and fear in the small networking world – I’m referring to the very large enterprise scale and the very small home-user scale.
The latter is the easiest to identify, as after all, who doesn’t use Skype these days? As a web telephony service its quality is frequently dire, but there’s no arguing with its market penetration.
The water-cooler business intelligence brigade often ends up asking awkward questions, such as why there’s a gap between the cost and service levels of Skype, for example, and the internal phone systems commonly sold to small businesses. Whenever this topic crops up, eyes are raised to the heavens, lips are pursed, and the technically naïve are heard to exclaim: “this place, tsk, I dunno…”
The other end of the spectrum is the corporate megascale. It isn’t for nothing that Microsoft’s quirky and quite incomprehensible “VoIP as you are” accident videos (yes, really – see here and here) allude to the potential to either save, or else endure gargantuan upheavals by clawing towards Unified Communications, using the technologies on offer by the old-school telephony companies.
It’s amazing how widely spread the war stories at the big-iron end of the market can be, all the way from millions of pounds saved to millions of pounds spent.
It’s hardly surprising then that, from the perspective of a business stuck between these two extremes, you’ll hear all manner of conflicting information, delivered with the force of personal conviction and experience – and the problem of requesting security (and knowing that you’ve actually been secured once the job’s complete) assumes a far higher level of importance, regardless of whether or not your social life vies with that of Hugh Grant.