[VOIPSEC] [SearchSecurity.com] Better VoIP training needed, SANS director says

Shawn Merdinger shawnmer at gmail.com
Thu Dec 7 17:13:43 GMT 2006


http://searchsecurity.techtarget.com/qna/0,289202,sid14_gci1233013,00.html

Wow, Stephen Northcutt kinda throws down here...

<snip>

TechTarget:  A new item on this year's list is the VoIP threat. What
is the SANS Institute doing to bolster awareness in this area?

Northcutt: This is my single-greatest failure. We don't have the kind
of intensive "here's what the packets look like" training that's
needed. The problem is just massive. A technology like this never
should have been rolled out without more thought to security. If I had
my way, I would have the creators of VoIP stop everything and redesign
this with security in mind from the get-go.

...

...Run VoIP as a separate cable, where you'd have one cable for data
and another for voice...

</snip>

Thanks,
--scm



More information about the Voipsec mailing list