Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Fake MicroSoft calls
Special Forums Cybersecurity Fake MicroSoft calls Post 303011432 by Neo on Thursday 18th of January 2018 08:17:32 AM
Old 01-18-2018
I recall VoIP vulnerabilities over the years and for many years.

On another note, it is always important to keep in mind that (IT) RISK is the intersection of VULNERABILITY, THREAT & CRITICALITY.

So, even if there is a VULNERABILITY, if there is no real THREAT or CRITICALITY, then RISK is LOW.

For example, for someone who uses VoIP and is not a high profile person or spy or criminal etc who has THREATS and if a VULNERABILITY is exploited, it does not do critical harm (in the case of VoIP threats for most people who use VoIP daily), then the RISK is low.

I've been aware of possible VoIP exploits for many years, but it does not stop me from using the myriad technologies that use VoIP. This especially applies to VoIP technologies which are encrypted. LINE, What's App and I believe Skype are all encrypted and so exploiting these VoIP vulnerabilities are non trivial, as I recall, and so most users who use encrypted VoIP are not at high RISK.

There is also the RISK MITIGATION model, which combines TECHNICAL (LOGICAL) CONTROLS, PHYSICAL CONTROLS AND ADMINISTRATIVE CONTROLS, should be considered as well

Encrypting a VoIP channel is a TECHNICAL CONTROL and having a policy whereas HIGHLY SENSITIVE USERS do not use these apps unless approved is an ADMINISTRATIVE CONTROL.

It is important to keep in mind that RISK MANAGEMENT and RISK MITIGATION is a multidimensional and multifaceted approach, so VULNERABILITIES must be viewed in context to the THREAT and CRITICALITY; and RISK MITIGATION must be viewed in terms of RISK and the "best" combination of controls (ADMIN, TECH, PHYSICAL) based on RISK (and this implies budget as well).

Cheers.
This User Gave Thanks to Neo For This Post:
Don Cragun
 

2 More Discussions You Might Find Interesting

1. IP Networking

Identification of data calls & voice calls

Is there any facility to filter/identify the data calls and voice calls coming throug modem? OR Can we get the data or voice calls information through a script(preferably C Kermit)? (0 Replies)
Discussion started by: pcsaji
0 Replies

2. Windows & DOS: Issues & Discussions

Microsoft Powerpoint 2003 stops working after 12 April 2011 Microsoft Updates

For the benefit of the community this is a widespread worldwide problem affecting multiple versions of Microsoft Windows. Powerpoint erroneously reports Powerpoint presentation damaged and then often hangs. Until Microsoft sort this out, try removing Powerpoint security update KB 2464588... (0 Replies)
Discussion started by: methyl
0 Replies

LEARN ABOUT FREEBSD

ieee80211_beacon

IEEE80211_BEACON(9)					   BSD Kernel Developer's Manual				       IEEE80211_BEACON(9)

NAME

     ieee80211_beacon -- 802.11 beacon support

SYNOPSIS

     #include <net80211/ieee80211_var.h>

     struct mbuf *
     ieee80211_beacon_alloc(struct ieee80211_node *, struct ieee80211_beacon_offsets *);

     int
     ieee80211_beacon_update(struct ieee80211_node *, struct ieee80211_beacon_offsets *, struct mbuf *, int mcast);

     void
     ieee80211_beacon_notify(struct ieee80211vap *, int what);

DESCRIPTION

     The net80211 software layer provides a support framework for drivers that includes a template-based mechanism for dynamic update of beacon
     frames transmit in hostap, adhoc, and mesh operating modes.  Drivers should use ieee80211_beacon_alloc() to create an initial beacon frame.
     The ieee80211_beacon_offsets structure holds information about the beacon contents that is used to optimize updates done with
     ieee80211_beacon_update().

     Update calls should only be done when something changes that affects the contents of the beacon frame.  When this happens the
     iv_update_beacon method is invoked and a driver-supplied routine must do the right thing.	For devices that involve the host to transmit each
     beacon frame this work may be as simple as marking a bit in the ieee80211_beacon_offsets structure:

     static void
     ath_beacon_update(struct ieee80211vap *vap, int item)
     {
	     struct ieee80211_beacon_offsets *bo = &ATH_VAP(vap)->av_boff;
	     setbit(bo->bo_flags, item);
     }

     with the ieee80211_beacon_update() call done before the next beacon is to be sent.

     Devices that off-load beacon generation may instead choose to use this callback to push updates immediately to the device.  Exactly how that
     is accomplished is unspecified.  One possibility is to update the beacon frame contents and extract the appropriate information element, but
     other scenarios are possible.

MULTI-VAP BEACON SCHEDULING
     Drivers that support multiple vaps that can each beacon need to consider how to schedule beacon frames.  There are two possibilities at the
     moment: burst all beacons at TBTT or stagger beacons over the beacon interval.  Bursting beacon frames may result in aperiodic delivery that
     can affect power save operation of associated stations.  Applying some jitter (e.g. by randomly ordering burst frames) may be sufficient to
     combat this and typically this is not an issue unless stations are using aggressive power save techniques such as U-APSD (sometimes employed
     by VoIP phones).  Staggering frames requires more interrupts and device support that may not be available.  Staggering beacon frames is usu-
     ally superior to bursting frames, up to about eight vaps, at which point the overhead becomes significant and the channel becomes noticeably
     busy anyway.

SEE ALSO

     ieee80211(9)

BSD
								  August 4, 2009							       BSD
All times are GMT -4. The time now is 05:41 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy