ITS 4050 - Internet and Web Security
Chapter 13, Securing Personal and Business Communications
This lesson presents some material from chapter 13.
Objectives important to this lesson:
- Voicemail threats
- E-mail and social networking threats
- Real-time communication
- Securing telephone and PBX communications
- Securing VoIP
The previous chapter dealt with mobile communications, which
covers a lot of the communications most people use. This chapter
discusses more traditional communication channels. It begins with
a poor example. You want to talk to a coworker, but that person is
busy. You leave a note with another person who relays your
message, and relays a reply to you when it is available. This is
meant to symbolize the passing of information across routers that
store the information until a path is found that can be used to
send it along its way to the intended destination. The point that
the text is trying to make is that there are several kinds of
communications that include this feature, storing information
until a path is available or until it is picked up by the
intended receiver.
- voicemail systems - Voicemail is typically left when a voice
channel to an intended
recipient is not possible, due to a hardware or availability
issue. Systems may include the capacity to convert a voice
message to text or email, reducing storage needs and cost.
Voicemail systems are typically vulnerable to hacking when users
continue to use default passwords. They are vulnerable to attack
when attackers send email that looks like a voicemail
notification, but actually contains a malware payload.
- e-mail - The chapter presents a list of effective
e-mail techniques that have been used to defraud users and
damage computers. These include bank scams, malware
posing as patches, and messages that seem to be from trusted
sources. You should always be in doubt about the intentions of
an e-mail sender. Don't enable HTML views because they allow
scripts to run.
- social network messaging - As I asked another class
this week, why are you on a social network site? The risks are
- real-time communication - The text lists several
methods that vary in immediacy. Telephone connections are
typically fast, but not without some delay. Text messages of
various types are not immediate, although users typically assume
that they are. Video communications, like audio channels, give
the illusion of immediacy by providing a live microphone on each
end of the channel. The person on the other end seems live
because you can hear them while you are speaking to them.
Regardless of propagation delay, the illusion helps the users
enjoy the experience. The text mentions that some applications,
Skype in particular, report whether a person is available, and
how long they have not been available when they are tagged as
busy or away. My experience is that the "time away" reported by
Skype is often very wrong. I have learned to ignore the
ridiculous numbers of minutes or days my staff are reported as
being away from their desks, and to rely more on the status
light showing that they are available or not.
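The voicemail item above notes that attackers send email that looks like a voicemail notification but carries a malware payload. The following is an added example, not from the textbook or these notes, of a mail-filter check for that pattern; the keyword list, the audio extension allow-list, and the sample messages are all assumptions constructed for illustration.

```python
import email
import os
from email import policy

AUDIO_EXTS = {".wav", ".mp3", ".m4a", ".ogg"}   # assumed allow-list
LURE_WORDS = ("voicemail", "voice mail", "voice message")  # assumed keywords

def voicemail_lure_findings(raw):
    """Return reasons a voicemail-themed message looks like a lure."""
    msg = email.message_from_string(raw, policy=policy.default)
    subject = (msg["Subject"] or "").lower()
    if not any(w in subject for w in LURE_WORDS):
        return []                      # not voicemail-themed; out of scope
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue                   # body text or container, no attachment
        stem, ext = os.path.splitext(name.lower())
        if ext not in AUDIO_EXTS:
            findings.append(f"{name}: extension {ext or '(none)'} is not audio")
        if os.path.splitext(stem)[1] in AUDIO_EXTS:
            findings.append(f"{name}: audio extension hidden before real one")
        if part.get_content_maintype() != "audio":
            findings.append(f"{name}: declared type {part.get_content_type()}")
    return findings

def sample(subject, filename, ctype):
    # Constructed test message, not real mail.
    return (
        "From: pbx@example.com\n"
        f"Subject: {subject}\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/mixed; boundary="b1"\n'
        "\n--b1\nContent-Type: text/plain\n\nYou have a new message.\n"
        "--b1\n"
        f'Content-Type: {ctype}; name="{filename}"\n'
        f'Content-Disposition: attachment; filename="{filename}"\n'
        "Content-Transfer-Encoding: base64\n\nAAAA\n--b1--\n"
    )

if __name__ == "__main__":
    for args in [("New voicemail from 555-0100", "msg0042.wav", "audio/wav"),
                 ("Voicemail message received", "msg0042.wav.html", "text/html")]:
        print(args[1], "->", voicemail_lure_findings(sample(*args)) or "clean")
```

A genuine notification from the organization's own voicemail system should produce no findings; any finding on a voicemail-themed message is a reason to quarantine it rather than deliver it.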
On page 343, the text turns to traditional Private Branch
Exchange (PBX) telephone systems, which may support
voice traffic, fax transmissions, modem traffic, and VoIP traffic.
The observations in the text about protecting such systems offer
few new ideas. A quick Google search on the topic gave me
lots of results, but each was from a vendor promoting their own
products. The text suggests not allowing remote management,
protecting the servers' physical locations, and limiting access to
the operational documents for the system. Good advice for any
computer system, really.
The text spends a few pages considering specific Voice over
IP systems and Session Initiation Protocol systems.
The material presented is repetitive and not very helpful.