Yesterday the VoIP News web site posted a feature article: How Secure Are Your VoIP Calls? It includes quotes from both Jonathan and myself and generally makes the points we’ve made both here and on Blue Box around VoIP security. Overall a good article with only a few minor nits to pick:
- The question I would generally suggest customers ask their enterprise vendor is “What do you do to secure voice communication over the LAN?“
- I don’t know that I would have said enterprise phone systems were “enterprise stuff” but hey, you get the idea.
- In the second bullet at the end, the point is to ensure that call control is encrypted or otherwise protected. Many people first think of encrypting voice because eavesdropping is something easy to understand – and they don’t think about call control. Yet you could argue that call control is perhaps more important because far more devious things can be done if you can corrupt call control.
- Unless he’s holding out on us, Mark Collier does not write the VoIP Lowdown blog that had this list of VoIP security challenges. In fact, if you note, Mark commented on the article (and perhaps because he was the last commenter someone assumed he wrote the blog). Mark actually writes over at www.voipsecurityblog.com (where I note he has a nice new header image and picture) as well as here on this blog once in a while. He actually has a post on his blog pointing over to this list on VoIP Lowdown.
- It’s actually not entirely clear from the post who did write that list at VoIP Lowdown, but on this page it states that the writer was Pushpa Sathish, who is also the person now having a byline on all the new posts since that time (which is good because it will save them this attribution issue in the future).
Again, relatively minor details in the grand scheme of things (although Pushpa Sathish may not appreciate the attribution going to Mark) and a good contribution to the overall conversation on VoIP security.
Thanks, VoIP News, for running the feature story!