Cisco warns of serious flaws

Further to a previous posting where we discussed the next big security problems moving from Microsoft to Cisco (or more specifically to the infrastructure as opposed to the desktop), Cisco Systems identified several vulnerabilities in its products this week that could lead to denial-of-service attacks. The most noteworthy flaw was reported Tuesday when Cisco warned that hackers could cripple its IP telephony networks by exploiting flaws in its CallManager software, an essential component of Cisco's IP telephony technology, which is used for call signaling and call routing.

I know of hundreds of IP telephony networks installed in the last year where customers never even considered security - treating the infrastructure components like "toasters and VCR's". Still to this day I dont believe adequate attention is being given to this area despite well known published frameworks for securing IPT networks published by the Information Security Forum (ISF).