March 2011 archive

SecureLogix Releases Report: Voice And Unified Communications State of Security 2011

By way of the Voice of VOIPSA blog, I learned that SecureLogix had formally released their "Voice & Unified Communications: State of Security Report 2011". I saw a preview of this report in one of the final sessions at the Enterprise Connect event at the beginning of March and the data seemed quite compelling.

To put this in perspective, SecureLogix sells solutions that monitor your network and protect your VoIP/UC systems. While that creates a fairly obvious bias for a report like this, it also means that they do have great data from literally hundreds of networks where their tools have been deployed.

They've done a nice job packaging up the data, providing very readable charts, including solution diagrams and listing all sorts of resources at the end. The report is available now from the site:

You need to log in to the site to download it today, but the folks I know at SecureLogix say that they will also be making it available from their own site in a few months.

Sure, you have to read the report understanding that it is written from the viewpoint of a vendor with an interest in selling security solutions... but regardless it is definitely a worthwhile document to read through. Kudos to SecureLogix for creating this report - and I look forward to seeing how it changes and evolves in the years ahead.

P.S. I found it interesting that the report talked about modems, which is something I actually didn't even touch on in the book and don't really think of as "VoIP" or "UC"... However, they certainly are components of the larger network security area of concern.

Great Resource -> Felix’s Node.js Guide

Want to learn more about Node.js? Felix Geisendörfer recently rolled out a site with a series of guides to help people get started:

So far he has these guides available:

  • Node.js Beginner Guide
  • Node.js Style Guide
  • Node.js Community Guide
  • Node.js Convincing The Boss Guide

and promises more to come. He is nicely using a GitHub repo for the development of the guides and you can monitor that repo to see what is in development.

Documentation and training are always critical elements of helping people get started with a new language, so it’s great to see initiatives like this one. I’m definitely watching the GitHub repo and have been reading through his guides already.

Thanks, Felix, for putting these docs online!


Welcome to – at some point soon I’m planning to aggregate my various writing across the web into a common place. Stay tuned…

If you enjoyed 7 Deadliest UC Attacks, you may also like the fiction book "Counting From Zero"

If you enjoyed the subject matter in my Seven Deadliest Unified Communications Attacks, you may enjoy the fiction book, Counting from Zero, written by my friend Alan Johnston. The book, available as an eBook from Amazon, Barnes & Noble, Smashwords and other sites, is not about Unified Communications or VoIP security, but rather about Internet security in general and specifically the rise of botnets and all their attendant troubles.

It's a story... about an Internet security researcher named Mick O'Malley who recognizes the signs of an impending global "zero day" attack via a massive botnet... and how he discovers it... how the various forces out there conspire against him... how he and his allies fight back...

I don't know how it ends, yet, as I'm only 2/3rds of the way through it, but I'm enjoying the story so far quite a good bit.

I've known Alan for a good number of years mainly through IETF and SIP-related connections including the SIP Forum... we routinely meet up at various conferences and these days of course connect through social networks. While Alan's written a number of technical books related to the SIP protocol, this is his first foray into fiction and on his new blog site he explains the journey that brought him into self-publishing and the world of ebooks. I commend him on taking the leap and I look forward to seeing how it goes.

I've thought, too, of pursuing the fiction route myself at times... if I go back a couple of years, one of the best presentations I've given on VoIP security was one where I did away with all the traditional ways of talking about security and instead told a story called "The Saga of SysAdmin Steve". The story hit all the points I would have covered anyway, but in a way that was much more engaging... was much more memorable for the attendees... and was much more fun as a presenter. The challenge, of course, is that such a presentation can take a great amount more time to create. But it's certainly been on my mind lately to do more presentations and perhaps even some writing along those lines.

Meanwhile, I congratulate Alan on the launch of "Counting from Zero" and encourage you all to check out the book's website and Alan's blog and, if you are so inclined, to purchase a copy. I'm definitely enjoying the read so far.

A Sign of the Node.js Buzz – Joyent Launches a Node.js Jobs Site

Node.js certainly has been getting a good bit of buzz these days. I’ve been writing about Node.js here because I personally find it interesting, but you only have to watch the Twitter search string to know that a lot of other people out there find the same fascination with Node.js.

It’s a sign of that intense interest, then, that Joyent launched a “Node.js Jobs” site this week at:

with some initial postings from some of the startups that you might expect to be using a bleeding edge service like Node.js:


Very cool to see… and may it only help grow the pool of Node.js developers out there!

Video: Intro to Node.js by Ryan Dahl at SF PHP Meetup on Feb 22, 2011

Here’s a great video introduction to Node.js by creator Ryan Dahl at the San Francisco PHP Meetup Group on February 22, 2011. He steps people through building apps in a great style:

Mashable: Why Everyone Is Talking About Node.js

If you are wondering why so much attention is focused on Node.js these days in the online media and sites (including my own writing about Node.js), Mashable had a decent post this week called:

Why Everyone Is Talking About Node

It’s a good overview that explains much about why Node.js is so interesting to so many people. I’m not sure I agree with the author about the Ruby community being “exclusive and harsh”. I experienced nothing but helpful assistance back when I was learning Ruby. The Node.js community, though, has definitely been very welcoming to newcomers so far.

Regardless of that probably unnecessary dig, the overall article was a good overview of Node and is certainly worth a read.

Online Preview Available of O’Reilly’s Upcoming “Up and Running with Node.js”

Tom Hughes-Croucher is writing a book for O’Reilly & Associates about Node.js called “Up and Running with Node.js” and he tweeted out today that a preview of the book is now available online at:

As he says in the author intro:

When Simon, my editor, and I were initially discussing this project it was obvious how vibrant the Node.js community is. We felt that it was important that we engaged with the community as we worked on this manuscript. In order to do that we decided to release the book in parts as I wrote it. What you are reading now is one of those partial releases.

It’s very cool that he’s made the text available and will be continuing to update it as the book evolves. Apparently he has to do something to enable commenting, but shortly you should be able to comment on his text.

Nice to see authors doing this to solicit input from the larger community before a book is actually printed. Very cool.


7 Deadliest UC Attacks Mentioned at Enterprise Connect

I've been very pleased by the comments I've received from people at the Enterprise Connect show this week in Orlando who have read the book. A couple of people mentioned they've bought it for the Kindle while at the show. And analyst Blair Pleasant mentioned the book a couple of times in one of her sessions (Thanks, Blair!).

As an author, it's wonderful to hear that the book is really helping people understand UC security issues.

Thanks again for all the kind words and mentions!

Great (long!) Article on Node.js in The Register

What is Node.js all about? How did it come about? What prompted Ryan Dahl to create Node? What other languages did he try? Who are some of the companies using Node.js, and why? What does Google think about Node.js, given that they maintain the V8 JavaScript engine used by Node? What kind of performance gains can you see in Node?

Answers to all those questions and many more are in a lengthy piece on The Register titled “The Node Ahead: JavaScript leaps from browser into future”. It’s a well-done article and rather than excerpt it here, I’d encourage you to go take a look at the full piece. Interesting to read about some of the background of which I was not aware. Good stuff!