[VOIPSEC] [SearchSecurity.com] Better VoIP training needed, S ANS director says
Strand, David P (Dave)
strandd at alcatel-lucent.com
Fri Dec 8 18:53:23 GMT 2006
At the risk of sounding like a Rush Limbaugh fan, ditto to Mr. Devine's
eloquent capturing of the essence of the problem.
Unfortunately, this is the reality of the world we live in today. Thus,
the challenge to all of us as professionals in this domain is to devise
new and better ways of developing systems and networks so as to minimize
the risk potentials, somewhat akin to patching up a soldier or injured
athlete so they can go back to the front or back in the game, albeit while
not performing at 100% optimality. The alternative of lamenting about the
"good old days" or what's wrong with VoIP is not terribly productive. If
we don't find ways to evolve it to where it's (relatively) solid, even as
it'll likely take years to do so, who will?
David P. Strand
2500 W. Utopia Rd.
Phoenix, AZ 85027
email: strandd at alcatel-lucent.com <mailto:strandd at alcatel-lucent.com>
The real problem is that commercial realities intrude.
Projects are end date scheduled with insufficient resources and products
go to market before they are fully baked. The PSTN was created with the
infinite resources of monopoly telephone companies and
government-sponsored corporations. SIP is an experimental protocol that
is still evolving. In the "good old days", there would have been a 10
year pause as standards bodies staffed by the monopolies worked out the
issues. Today, we're getting just-in-time engineering with all the
problems associated with early deployment of emerging technologies that
use experimental protocols. Security typically goes last since there is
no profit in security.
More information about the Voipsec