[VOIPSEC] Daisy chaining voice <-> PC VLAN, risks?
Erik.Hofmann at infineon.com
Mon Sep 12 09:53:32 BST 2005
How would you assess the security of a VoIP design where you build 2
V-LANs on top of one physical infrastructure using so called daisy
chaining. This means you have a built in switch in you phone device, 2
Ethernet interfaces, one for the phone itself which is plugged to the
network and one for the desktop PC which is plugged to the phone?
What is the risk for confidentiality of voice data streams concerning
internal / external attackers?
It appears that the phone devices (Cisco) uses some hardware information
+ MAC address to identify themself as VoIP-phone against the network
How complex would it be e.g. to configure a notebook to connect to the
phone V-LAN, eavesdropping voice traffic with arp spoofing technique
Or snoop on a (e.g. WAN) trunk etc?
Are there any concerns on confidentiality of voice data regarding the
Call Manager in the phone V-LAN? (Identity manipulation etc)?
Any hints to good sites for threats and vulnerabilities for VoIP stuff?
Principal Information Systems Security
Infineon Technologies AG
More information about the Voipsec