[VOIPSEC] [SearchSecurity.com] Better VoIP training needed, SANS director says

Geoff Devine gdevine at cedarpointcom.com
Fri Dec 8 13:34:41 GMT 2006

Diana Cionoiu writes:

> Another major issue with VoIP himself is the fact that 
> technology himself is very complicated and 90% of the
> developers in this world are not capable to write a decent
> VoIP software. We still have problems with the sound card,
> we still have VoIP gateways that crash. We still have a
> huge lack of training for the VoIP system administrators.

In my opinion, 90% of developers are plenty capable of writing decent
VoIP software.  The real problem is that commercial realities intrude.
Projects are end date scheduled with insufficient resources and products
go to market before they are fully baked.  The PSTN was created with the
infinite resources of monopoly telephone companies and
government-sponsored corporations.  SIP is an experimental protocol that
is still evolving.  In the "good old days", there would have been a 10
year pause as standards bodies staffed by the monopolies worked out the
issues.  Today, we're getting just-in-time engineering with all the
problems associated with early deployment of emerging technologies that
use experimental protocols.  Security typically goes last since there is
no profit in security.  

I'm not convinced that better training of VoIP system administrators
solves the problem.  In my universe, the biggest problem I see is that
internet network administrators don't have a clue that they're now
running a five 9's lifeline application on their data networks.  The
PSTN had a century to evolve the methods and procedures to keep their
network up and stable.  Data networks have not had that requirement
until very recently and we need a culture shift.  Internet network
administrators really are VoIP system administrators since they inherit
the requirements of the VoIP application that is running on their
networks.  The tech support people in my company were commenting to me
last night that they were really looking forward to December 15th when
our customers lock down their networks for the Christmas holiday and
don't mess with them.  Our field problem reports typically drop down to
near zero.


Geoff Devine
Chief Architect
Cedar Point Communications

More information about the Voipsec mailing list