[VOIPSEC] RTP-borne virus examples?

[Christopher A. Martin]

Actually, properly implemented IPSec PKI and/or preshare is a great 
mechanism to authenticate the networks that are communicating between 
trusted endpoints. Any non-trusted endpoints attempting communications 
to any of these endpoints that does not exist in the SA will be dropped. 
Which is what I assume you are alluding to near the end of your response.

To your point about not protecting against virus/worm attacks...agree. 
An encrypted tunnel can easily become a covert channel.

No one mechanism alone can prevent these attacks, hence security 
indepth. Its like saying that a firewall can stop all attacks against 
your network.

:)

Chris


Ari Takanen wrote:

>Encryption does not protect against any virus/worm type attacks. It
>protects against anyone detecting and preventing the attack. Signing
>also does not protect against the attack, you will just (with some
>level of assurance) know who hit you. And finally PKI does not prevent
>the attack, but you will just need to rely on the black-listing
>capabilities (which is close to impossible to implement) of it to
>prevent known attackers or misconfigured domains from attacking you.
>
>There are some non-virus related malware attacks in RTP that IPsec
>will protect you from, but as those are still not very widely known, I
>will not describe them any further yet.
>
>/Ari
>
>On Fri, Dec 02, 2005 at 03:48:07PM -0000, dhiraj.2.bhuyan at bt.com wrote:
>  
>
>>Securing the media stream (using IPSec for example) will solve many such
>>issues. But in my opinion, there seems to be not much interest in
>>securing the media stream at this moment. I might be wrong (hopefully!).
>>
>>--
>>Dhiraj Bhuyan, CISSP
>>Senior Network Security Researcher,
>>pp2A, Rigel House, BT Group CTO
>>Martlesham Heath, Ipswich, IP5 3RE
>>    
>>
>
>_______________________________________________
>Voipsec mailing list
>Voipsec at voipsa.org
>http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>
>
>  
>