Cisco Systems Inc. says its Internet Protocol (IP) telephony system has earned Miercom’s highest security rating, after sustaining three days of grueling, round-the-clock tests conducted by sophisticated “hackers” looking for security vulnerabilities.
“Cisco proved it can build a Voice over IP (VoIP) network that sophisticated hackers were not able to break or even noticeably disturb,” says Ed Mier, president of Miercom, a network consultancy and product test center.
“Cisco’s ‘secure’ rating on the Miercom VoIP-Security Rating Scale was the highest of all the vendors who participated,” Mier adds. Cisco says Miercom tested the Cisco CallManager-based system, the core of its IP Communications system, as well as two entries from Avaya Inc.
Cisco says the objective of the attacks was to disrupt IP phone communications. It says that through each of the assault points, the hackers used scanning tools and techniques to discover what they could about the topology, and then launched numerous sophisticated denial-of-service attacks. The attacks, says the company, attempted to disable devices and functions at all network layers. After three full days of testing on the Cisco CallManager system, no perceptible disruption was achieved, according to Miercom. Cisco says that all the capabilities and features that Cisco employed in its test system are currently available to customers.
The hacker team, says Cisco, consisted of coordinated local and remote assailants who delivered a “moderate intensity” assault. The company says a set of ground rules limited the hackers to using only existing tools available on the Web, and restricted their access to several specific assault points. The hackers operated with no prior knowledge of the internal network or configuration, the company says.
Miercom, according to Cisco, tested the Cisco CallManager 4.0 system, which is said to contain a number of new security enhancements. The IP-based call-processing engine, says the company, extends the capabilities of the Cisco intelligent self-defending network to better protect Cisco IP Communications systems and to provide improved business resilience. The company notes that new industry-standard digital certificates in CallManager 4.0 confirm the identity of network devices to help to protect against the entry of rogue system users. It says that new standards-based authentication and encryption have been added to Cisco CallManager 4.0 and Cisco IP phones, aiming to provide end-to-end privacy and integrity of voice communications.