Saturday, June 29, 2013

Polycom RealPresence platform clears security evaluation after plugging DoS hole

Polycom's (Nasdaq: PLCM) RealPresence Access Director (RPAD) session border controller recently passed a 35-point security evaluation conducted by ICSA Labs, a third-party testing lab owned by Verizon (NYSE: VZ).

ICSA Labs assessed the RPAD on its ability to maintain the security and integrity level of the network while adding SIP and H.323 videoconferencing functionality.

"We developed evaluation criteria in seven or eight different areas," explained Brian Monkman, technology programs manager at ICSA Labs.

As part of the testing, "we make sure that the documentation is complete and accurate. We look at the administration capabilities to ensure that the product can be administered securely. We look at whether all of the management functions are available and that there can't be unauthorized access to the management function to use as an attack vector," Monkman told FierceEnterpriseCommunications.

"We verify that the platform is secure from exploitation or exposure and that it doesn't introduce any known vulnerabilities to the network. We verify that the product is able to implement its functionality in a secure manner, and then we verify that there are log-in capabilities and that the product provides the administrator the means necessary to audit security-related events," Monkman added.

During the testing, ICSA Labs found that the RPAD was vulnerable to a well-known denial-of-service (DoS) attack in which a Secure Sockets Layer/Transport Layer Security (SSL/TLS) renegotiation attack could render parts of the RPAD inoperable.

"If the attack was executed from a public host against the RPAD on TCP port 8443, the administrative GUI [graphical user interface] was unable to be accessed until the attack had stopped. Furthermore, if the attack was run on TCP port 443, no mobile clients would be able to authenticate, rendering them unable to make calls through the RPAD," ICSA explained in the report.

ICSA informed Polycom of the vulnerability and the company fixed the problem, explained Monkman. "We were then able to attest that they met all of the evaluation requirements," he added.

A. E. Natarajan, senior vice president for worldwide engineering at Polycom, said in a statement: "This independent security evaluation by ICSA Labs demonstrates Polycom's commitment to providing high levels of security and assurance for our customers. As organizations deploy video in more and more business applications, particularly on mobile devices, to keep their global workforce connected, our successful completion of this rigorous evaluation shows that they do not sacrifice their security in doing so."

Polycom has a 26.5 percent share of the enterprise videoconferencing and telepresence equipment market, behind Cisco (Nasdaq: CSCO) with a 43.4 percent market share. The market totaled $563.4 million in revenues for the first quarter, the worst revenue figure since the second quarter of 2010, according to recent IDC stats.

For more:
- read the ICSA Labs report
- check out Polycom's release
- see IDC's stats


Source: http://www.fierceenterprisecommunications.com/story/polycom-realpresence-platform-clears-security-evaluation-after-plugging-dos/2013-06-28?utm_source=rss&utm_medium=rss
