[VOIPSEC] Indentity Management and VoIP and More

Steve Blair blairs at isc.upenn.edu
Mon Apr 24 08:12:31 PDT 2006



Scott Beverly wrote:

>Steve,
>
>Unfortunately (in the U.S.), regulatory issues, HIPAA in particular,
>have very little teeth and have not forced much of anything to happen in
>regards to security.  However, I agree that it is only a matter of time
>as more law suits are filed, publicized, and hopefully won when privacy
>is lost to technical security breeches.
>
>  
>
That may be the consensus from the larger community but our institution 
is concerned about the requirements that regulations such as HIPPA place 
on communication systems.

>I wouldn't wait on U.S. Government regulatory governance to cause
>advancements in technical security.  Until regulatory agencies have the
>power (i.e. financial repercussions) that the Payment Card Industry
>(PCI) has in enforcing it's security guidelines, I wouldn't expect any
>governance to lead the the way in advancements in VoIP security.
>
>  
>
Good point. I'm sure we won't :-)

>Scott...
>
>
>On Mon, 2006-04-24 at 09:50 -0400, Steve Blair wrote:
>  
>
>>Paine, Richard H wrote:
>>
>>    
>>
>>>Yes, I see it changing.  The reality is that Boeing and other Fortune
>>>500 companies will come to the realization that there is a massive
>>>vulnerability in the VOIP implementations.  The reality is that VOIP
>>>calls, if they are Internet-only are all vulnerable to spoofing and
>>>tapping and man-in-the-middle attacks against their businesses.  Why it
>>>doesn't have much emphasis right now is that the Cisco Call Managers and
>>>other VOIP connections are dependent and rely on the PSTN system that
>>>historically maintains an enterprise trust of the PSTN providers to
>>>provide secure voice communications.  It really isn't secure, but it is
>>>wired and protected by the PSTNs and the courts.  As more and more
>>>traffic stays on the Internet and does not move to the PSTN, the
>>>vulnerability increases.  
>>>
>>>      
>>>
>>There are also impacts on regulatory issues, such as HIPPA, as 
>>organizations move from the PSTN to a publicly accessible IP based 
>>communications infrastructure.
>>
>>Steve
>>
>>    
>>
>
>  
>

-- 
  
ISC Network Engineering
The University of Pennsylvania
3401 Walnut Street, Suite 221A
Philadelphia, PA 19104  


voice: 215-573-8396 

       215-746-8001

fax: 215-898-9348    

sip:blairs at net.isc.upenn.edu





More information about the Voipsec mailing list