[VOIPSEC] Cisco 7920 wireless IP Phones
Robert Moskowitz
rgm at icsalabs.com
Tue May 31 08:34:55 CDT 2005
I am just going to skip to the end...
At 06:14 PM 5/27/2005, Scott Keagy wrote:
>Just want to clarify something I mentioned earlier to which Robert
>replied....
>
>Layer 1 security (control E&M radiation, physical access (beware social
>engineering; unique badged entry- no shared keys), watch for acoustic
>bugging or physical taps of wires from desktops to switches, etc.)
>
>Layer 2 security (802.11i (need per-frame Ethernet integrity checks on
>wired links too), L2 port security, anti arp-spoofing, protect switch
>control traffic, harden switches, etc.)
Check out 802.1AE! We are working on Ethernet security. 802.3ah is in
particular need of it.
>Layer 3 security (IPSEC, etc.)
>Layer 4 security (TLS, SRTP, etc.)
>Application security (SIP authentication, S/MIME, etc.)
>Bandwidth efficiency to fix problems caused by IPSEC overhead (something
>like ROHC)
Also look at IPCOMP. A very easy way to compress everything in the ESP
packet. And if it is not compressible, it won't add to the cost.
>Session Border Controllers at voice/video/etc provider boundaries to
>maintain policies (can't rely on Firewall ALGs with encrypted signaling)
>and help with NAT traversal (who knows when IPv6 will be widely deployed,
>so living with NAT is real).
>
>For a Cisco product-centric view (still relevant for conceptual issues to
>address) of VoIP security across layers of the protocol stack, check
>Chapter 6 of this book:
>
><http://www.amazon.com/exec/obidos/ASIN/1587051397/>
>
I will get my contacts to send me that one. I already have Cisco's VoIP book.
Robert Moskowitz
Senior Technical Director
ICSA Labs, a division of Cybertrust, Inc.
W: 248-968-9809
F: 248-968-2824
VoIP: 248-291-0713
E: rgm at icsalabs.com
There's no limit to what can be accomplished if it doesn't matter who gets
the credit
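
Added example, not part of the original message: a Python sketch of the IPComp behaviour mentioned in the reply above, where a payload is DEFLATE-compressed before ESP and sent unchanged if compression would not shrink it (the non-expansion rule of RFC 3173). The function names, the `compressed` flag (standing in for the IP protocol number 108 that marks an IPComp datagram) and both sample payloads are assumptions constructed for illustration.

```python
import hashlib
import struct
import zlib

IPCOMP_HDR_LEN = 4   # Next Header (1 byte) + Flags (1 byte) + CPI (2 bytes)
CPI_DEFLATE = 2      # well-known Compression Parameter Index for DEFLATE
PROTO_UDP = 17

def ipcomp_encapsulate(payload: bytes, next_header: int = PROTO_UDP):
    """Return (bytes handed to ESP, compressed?) for one datagram payload."""
    comp = zlib.compressobj(level=9, wbits=-15)   # raw DEFLATE, no zlib wrapper
    body = comp.compress(payload) + comp.flush()
    # Non-expansion rule: if header + compressed body is not smaller than the
    # original, send the original with no IPComp header at all.
    if IPCOMP_HDR_LEN + len(body) >= len(payload):
        return payload, False
    header = struct.pack("!BBH", next_header, 0, CPI_DEFLATE)
    return header + body, True

def ipcomp_decapsulate(data: bytes, compressed: bool) -> bytes:
    """Reverse ipcomp_encapsulate after ESP decryption."""
    if not compressed:
        return data
    _next_header, _flags, cpi = struct.unpack("!BBH", data[:IPCOMP_HDR_LEN])
    if cpi != CPI_DEFLATE:
        raise ValueError("unexpected CPI %d" % cpi)
    return zlib.decompress(data[IPCOMP_HDR_LEN:], wbits=-15)

# Constructed sample: cleartext SIP signaling, which is repetitive text.
SAMPLE_SIP = (
    b"INVITE sip:bob@example.com SIP/2.0\r\n"
    b"Via: SIP/2.0/UDP phone1.example.com;branch=z9hG4bK776asdhds\r\n"
    b"From: Alice <sip:alice@example.com>;tag=1928301774\r\n"
    b"To: Bob <sip:bob@example.com>\r\n"
    b"Call-ID: a84b4c76e66710@phone1.example.com\r\n"
    b"Contact: <sip:alice@phone1.example.com>\r\n"
    b"CSeq: 314159 INVITE\r\nContent-Length: 0\r\n\r\n"
)
# Constructed sample: 160 high-entropy bytes standing in for an
# already-encrypted (SRTP-like) voice payload.
SAMPLE_ENCRYPTED = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(5))

if __name__ == "__main__":
    for name, pkt in (("SIP", SAMPLE_SIP), ("encrypted media", SAMPLE_ENCRYPTED)):
        out, compressed = ipcomp_encapsulate(pkt)
        print(f"{name}: {len(pkt)} -> {len(out)} bytes, IPComp applied: {compressed}")
```

Compression has to happen before ESP encryption, since ciphertext behaves like the second sample and gains nothing.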