Authentication is the process in which the system identifies logged in users from unauthorized users. The effectiveness of this process is determined by the authentication protocols and mechanisms being used. In this article we will start reviewing authentication types that are used to verify the identities of users and decide whether they are really secure or not.
The first version of SIP used Basic HTTP authentication. This system is fairly easy to access using man-in-the-middle attacks. This type of authentication has been depreciating for some time now.
In HTTP authentication, an attacker can simply capture a packet containing the password and base64 encoded, which is then used to decode and perform attacks.
Not secure, indeed.
Security is a serious topic and, unfortunately, it is either overlooked, exposing organizations to risks, or incorrectly addressed through cumbersome solutions. In the series of blog articles I will try to shed light on what you should pay attention to, in terms of security, when choosing a UC solution.
Notwithstanding all the advantages of a UC solution, there is one important prejudice against its adoption: security concerns.
There is a widespread belief that VoIP solutions based on SIP are not secure, and that their usage must be blocked, or at least limited to local networks (eventually extended by VPNs).
Nothing could be further from reality. Well-developed and deployed VoIP solutions that are based on SIP and XMPP are actually more secure than traditional communications.
How did the prejudice start and spread?
Everything you need to know about Two-Factor Authentication and why using it for UC&C services
Today we use online services to shop, to collaborate, to meet new people and to keep in touch with friends. Many of these online services contain and store private information, such as user personal data, contact lists, credit card credentials, patient information etc.
However we all know that breaking into the system, in many cases, is just a question of time. Your password can be stolen or hacked every now and then.
Someone can pretend they are you and steal your identity.
In fact it has already happened to many of us at least once. What can we do to protect ourselves and our sensitive data?