[VOIPSEC] Daisy chaining voice <-> PC VLAN, risks?

Erik.Hofmann at infineon.com
Mon Sep 12 03:53:32 CDT 2005


Hello everybody,

How would you assess the security of a VoIP design where you build 2
V-LANs on top of one physical infrastructure using so-called daisy
chaining? This means you have a built-in switch in your phone device with 2
Ethernet interfaces, one for the phone itself, which is plugged into the
network, and one for the desktop PC, which is plugged into the phone.

What is the risk for confidentiality of voice data streams concerning
internal / external attackers?
It appears that the phone devices (Cisco) use some hardware information
+ MAC address to identify themselves as VoIP phones to the network
switch.
How complex would it be, e.g., to configure a notebook to connect to the
phone V-LAN, eavesdropping on voice traffic with ARP spoofing techniques,
etc.?
Or to snoop on a (e.g. WAN) trunk, etc.?
Are there any concerns about the confidentiality of voice data regarding the
Call Manager in the phone V-LAN (identity manipulation, etc.)?

Any hints to good sites for threats and vulnerabilities for VoIP stuff?

kindly regards

Erik Hofmann

Principal Information Systems Security 
Infineon Technologies AG
 




