Featured Resources:

line

Realtime Communities

line

Newsletter

Email Address:


line

Monthly Archives

line

RSS

line

Ask the Expert

Have a question for our resident expert? Email your questions to Ken.

« VoIP and Universities | Main | Red Herring Misses the Mark on SPIT »

Voip - A Security Nugget

I found this article on Security Focus this morning. Two attacks against VoIP. It caught my eye because it looked like potentially new attacks. That turned out not to be the case, but here's what I did find.

First, Peter Thermos, the author echoes a pretty common sentiment in the VoIP Sector of late - "We are more secure than a regular phone line." He restates some of the common thoughts among VoIP practitioners.

The article provides a quick introduction to SIP. If you don't have time to read my paper A Look at Session Initiation Protocol (SIP), Peter provides a really good snapshot of SIP. It's a couple of paragraphs and a single picture. It's worth capturing as a quick descriptor.

The article then digs into to two security risks - Registration Hijacking and Eavesdropping. Registration hijacking is a real-world risk, but defensible. Eavesdropping is something I still believe is more or a paranoia than a real problem. And even in business, frankly, I rarely find I have a call that I'm any more sensitive about protecting that on any other phone. I view eavesdropping as more of a perceived risk that a real risk in most cases.

It's a really good two-page post that's worth a look.



Technorati Tags: , , ,

 Email This!  Digg it!  Sphere it!  Del.icio.us  Reddit!  Newsvine

Posted by Ken Camp on April 4, 2006 11:49 AM |

TrackBack

Listed below are links to weblogs that reference Voip - A Security Nugget:

» gomez article from gomes blog
it's my opinion on that theme [Read More]

Tracked on April 26, 2006 4:21 PM

Comments

Ken,

FYI, the article also got slashdotted at http://ask.slashdot.org/article.pl?sid=06/04/05/2317242 which did generate a good bit of attention.

Interesting to see your view on eavesdropping. I actually view it as a far higher risk... but it will probably only start to enter the public consciousness once someone publicly provides a recording of private VoIP conversations that have some interesting (or salacious) information in them. The good news is that in the enterprise environment, at least, most VoIP systems today have encryption (either by default or as an option) that can protect voice traffic on the enterprise network.

Regards,
Dan

Posted by: Dan York | April 7, 2006 9:16 AM

Post a comment

(All comments are approved by site leader before appearing here. Thanks for commenting!)

Search

line

Most Active Posts

line

Library Resources

line
line

Recent Posts

line

Categories

line

Ken Camp's Bio:

Ken Camp has more than 25 years of experience in information technology. Ken spent 17 years with AT&T and Lucent Technologies successfully designing and implementing voice and data networks. He later worked in the security marketplace and played a key role in early IPSec VPN deployments. As an independent consultant, Ken's primary focal areas include network performance improvement, security practices and the design and deployment of integrated voice and data solutions. He may be contacted at: ken_camp@realtimepublishers.net

line

Blog Roll