Navastream Inc.
Press Releases

Navastream Asserts Polycom Security Leak

Tue Sept 24, 2002 (original story...)

In a set-to that illustrates how sensitive security has become in IP communication networks, and how eager vendors are to exploit security issues, Navastream Inc. and Polycom Inc. went head to head in the last two weeks concerning potential security problems in Polycom's ViewStation products. Navastream Inc., a provider of network security products, said in a Sept. 17 press release that a feature of Polycom Inc.'s ViewStation group videoconferencing products compromises security. Navastream said, "Vulnerabilities in the Polycom ViewStation videoconferencing products" could "allow unauthorized individuals to gather information about the device, retrieve files, crash the device, or monitor videoconferences." It added that the ViewStation's operating system includes Web, Telnet and FTP capabilities for remote management. "The default password protecting access to the remote management controls of the ViewStation is empty or null. Consequently, unauthorized users can use these controls to configure the videoconference unit and establish videoconference sessions."

Navastream said that the vulnerabilities could be "counteracted with Navastream's VIP product line." Navastream's release was apparently based on a Sept. 4, 2002 advisory from X-Force, an Internet security intelligence and education service offered by vendor Internet Security Systems Inc. (ISS). The ISS advisory noted that ViewStation products deployed outside a firewall on an IP network were vulnerable to unauthorized access.

Polycom countered the Navastream release within days with an announcement that it had enhanced the security of the ViewStation with a software upgrade to address the network security issues identified in the X-Force advisory. Polycom added that it had established "a working relationship" with ISS to address security issues "through ongoing evaluations."

Polycom also announced new unified conferencing-bridge software for its MGC product line that combines voice- and videoconferencing capabilities. The new software combines full-featured voice and video capabilities for PSTN, VoIP, ISDN (H.320) and IP (H.323) conferencing on a single MGC platform. Polycom says the new shared architecture enables enterprises and service providers to streamline management and support requirements, and save on network conferencing resources, because they are combining voice and video conferencing on a single platform.