Featured Resources:

line

Realtime Communities

line

Newsletter

Email Address:


line

Monthly Archives

line

RSS

line

Ask the Expert

Have a question for our resident expert? Email your questions to Ken.

« Tom Keating scores Digium podcast about the changes | Main | Friday News of Note »

Network World interiew on VoIP Security

Here's a worthwhile story that caugh my eye from Network World. Lawrence Orans from Gartner does a better job that is generally done at maintaining a realistic perspective on VoIP security issues.

Hype vs. reality in VoIP security
IP telephony threats

Special Focus  By Cara Garretson, Network World, 01/30/07

Voice over IP, like many new technologies, suffers from having security as an afterthought. Headlines tell of VoIP vulnerabilities that can lead to eavesdropping, a new form of spam, even denial-of-service attacks that can take down the one communication network that businesses rely on most.

Lawrence Orans, a research director with Gartner, says some of these threats are overblown and aren’t likely to happen in a corporate setting. Frank Dzubeck, president of Communications Network Architects, which analyzes the industry, believes that given the lack of security built into IP, anything can happen. Network World Senior Editor Cara Garretson spoke with both, aiming to separate hype from reality.[Read full story]

I agree that firsts and foremost, it's IP security that's at issue.

I agree that eavesdropping is a grossly overhyped threat.

I'm more ambivalent about SPIT. I believe as a threat to VoIP. SPIT is being communicated badly. SPIT won't be what SPAM is to email. That's all hype. The big difference is that email is non-realtime traffic that's the traditional "bursty by nature" IP packet flow. SPAM doesn't degrade the  service really. SPIT can, in an ill-designed network (and too many of them are ill-designed), be as detrimental as a DoS attack or the the nasty worm traffic that overwhelms a network in replication efforts. The real problem with SPIT is that call quality will suffer and the service may degrade to the point of being unusable. If Oram's gets that at all, he sure didn't convey it. Frankly, I don't think he gets the real issue.

That he would give IP security in most organizations a D is shockingly realistic coming from Gartner. He gained significant credibility with me by putting that on the table.

It's worth reading. And sharing.


Technorati Tags: , , , ,

 Email This!  Digg it!  Sphere it!  Del.icio.us  Reddit!  Newsvine

Posted by Ken Camp on January 31, 2007 1:54 PM |

Post a comment

(All comments are approved by site leader before appearing here. Thanks for commenting!)

Search

line

Most Active Posts

line

Library Resources

line
line

Recent Posts

line

Categories

line

Ken Camp's Bio:

Ken Camp has more than 25 years of experience in information technology. Ken spent 17 years with AT&T and Lucent Technologies successfully designing and implementing voice and data networks. He later worked in the security marketplace and played a key role in early IPSec VPN deployments. As an independent consultant, Ken's primary focal areas include network performance improvement, security practices and the design and deployment of integrated voice and data solutions. He may be contacted at: ken_camp@realtimepublishers.net

line

Blog Roll