[VOIPSEC] Secure Real-time Transport Protocol (SRTP)

[Robert Moskowitz]

At 02:39 PM 3/23/2005, Tim Mehmet wrote:

>i got the distinct impression that offering SRTP would negate the need
>to buy other Nortel products to help secure their solution and thus they
>showed no desire to provide SRTP.
>
>Nortel insist that the security be off loaded to the network and other
>items and that we should not rely on the vendor systems to offer
>security alone, this is fair, but having insecure endpoints and insecure
>protocols kinda negates what we do, specially over public IP.

I am constantly pushing this Mantra:

layer 2 security protects the network provider
layer 3 security protects the system
layer 4/5 security protects the application
layer 6/7 security protects the data

you WILL be doing most of these at any one time.  Each addresses a 
different risk model.

Sometimes there can be an overlap between layers in the nature of security 
offered.  But, for example, if you look at my tunneling methods, layer 3 
security of IPsec would not protect likely the RTP connection


Robert Moskowitz
Senior Technical Director
ICSA Labs, a division of Cybertrust, Inc.
W:      248-968-9809
F:      248-968-2824
E:      rgm at icsalabs.com

There's no limit to what can be accomplished
if it doesn't matter who gets the credit