[VOIPSEC] Actual Attacks

[Christopher A. Martin]

That is the full risk of these types of clients. Once you create the all in
one "universal adapter" all traditional security is blown away. VoIP in
itself is a bypass of security measures, since the goal is to interoperate
in any environment.

As much as we decentralize (peer-to-peer), if you truly want to secure the
net, you have to devolve back into a centralized model...I like Ammar's
suggestions regarding IPS, etc...

Just food for thought...
________________________________

Christopher A. Martin
P.O. Box 1264
Cedar Hill, Texas 75106
 
Domains.SIP1.com
http://domains.sip1.com 
Low cost domain name registration & other Internet services.
 
Sign up for your PayPal merchant account today and start selling your
products on line today!
https://www.paypal.com/us/mrb/pal=Q622ZEE3CUWM8
 

> -----Original Message-----
> From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
> Behalf Of Russell Howe
> Sent: Sunday, February 20, 2005 4:52 AM
> To: Voipsec at voipsa.org
> Subject: Re: [VOIPSEC] Actual Attacks
> 
> On Sat, Feb 19, 2005 at 09:46:56PM -0600, Christopher A. Martin wrote:
> > Endpoints will have to become robust enough to not only support VLAN
> tagging
> > but also association of specific applications to VLAN
> 
> Then what happens when a device which does VLAN tagging gets
> compromised? Nothing to stop the malicious code from chatting on
> whichever VLAN it wishes, surely?
> 
> If you move to making user devices VLAN aware, I don't see how you can
> use VLANs as an effective security mechanism. They may well add an
> element of obscurity, but security by obscurity isn't something to rely
> on.
> 
> --
> Russell Howe       | Why be just another cog in the machine,
> rhowe at siksai.co.uk | when you can be the spanner in the works?
> 
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org