[VOIPSEC] [SearchSecurity.com] Better VoIP training needed, SANS director says
Shawn Merdinger
shawnmer at gmail.com
Thu Dec 7 17:13:43 GMT 2006
http://searchsecurity.techtarget.com/qna/0,289202,sid14_gci1233013,00.html
Wow, Stephen Northcutt kinda throws down here...
<snip>
TechTarget: A new item on this year's list is the VoIP threat. What
is the SANS Institute doing to bolster awareness in this area?
Northcutt: This is my single-greatest failure. We don't have the kind
of intensive "here's what the packets look like" training that's
needed. The problem is just massive. A technology like this never
should have been rolled out without more thought to security. If I had
my way, I would have the creators of VoIP stop everything and redesign
this with security in mind from the get-go.
...
...Run VoIP as a separate cable, where you'd have one cable for data
and another for voice...
</snip>
Thanks,
--scm
More information about the Voipsec
mailing list