[VOIPSEC] Secure Real-time Transport Protocol (SRTP)
rgm at icsalabs.com
Wed Mar 23 20:41:28 GMT 2005
At 02:39 PM 3/23/2005, Tim Mehmet wrote:
>i got the distinct impression that offering SRTP would negate the need
>to buy other Nortel products to help secure their solution and thus they
>showed no desire to provide SRTP.
>Nortel insist that the security be off loaded to the network and other
>items and that we should not rely on the vendor systems to offer
>security alone, this is fair, but having insecure endpoints and insecure
>protocols kinda negates what we do, specially over public IP.
I am constantly pushing this Mantra:
layer 2 security protects the network provider
layer 3 security protects the system
layer 4/5 security protects the application
layer 6/7 security protects the data
you WILL be doing most of these at any one time. Each addresses a
different risk model.
Sometimes there can be an overlap between layers in the nature of security
offered. But, for example, if you look at my tunneling methods, layer 3
security of IPsec would not protect likely the RTP connection
Senior Technical Director
ICSA Labs, a division of Cybertrust, Inc.
E: rgm at icsalabs.com
There's no limit to what can be accomplished
if it doesn't matter who gets the credit
More information about the Voipsec