[VOIPSEC] Recommended Security Policy Changes
Mark Teicher
mht3 at earthlink.net
Wed Mar 16 09:00:04 CST 2005
NIST provides some interesting guidelines on "Security Considerations for Voice Over IP Systems" January 2005
http://csrc.nist.gov/publications/nistpubs/800-58/SP800-58-final.pdf
As with any change to a data network and with all the hype of enterprises migrating to VOIP, some organizations are slow to incorporate changes into their existing security policies, practices and procedures to reflect integrating Voice Over Internet Telephony into their environment based on some of the following:
1. Understanding of the technology and how it affects users within the environment?
2. Breaking down all the various protocols, implements of destruction from the executives down to end users without causing senior executive heartburn along the way and preventing network saavy types drafting long dissertations on VOIP security issues and why it is bad?
3. How to assemble new process and procedures for the information security types to direct them on implementing new parsers in their logs looking for interesting tidbits of information regarding possible network attacks against their new VOIP technology?
It is an interesting document to read and dis-sect into digestable form for organizations to break down and actually document process and procedures to integrate VOIP, some of the sections are very high level and may or may not apply.
//m
More information about the Voipsec
mailing list