[VOIPSEC] VoIP Attack : How feasible
Michael Slavitch
slavitch at gmail.com
Fri Jul 28 14:22:07 CDT 2006
I suggest reading up on the Windows security model. It does
App-to-app authentication. Done like dinner for a decade.
(the previous one was an editing foo).
On 7/28/06, Satyam Tyagi <styagi at sipera.com> wrote:
> Inline
>
> Thanks,
> Satyam
>
> -----Original Message-----
> From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
> Behalf Of Volker Tanger
> Sent: Friday, July 28, 2006 1:06 PM
> To: Voipsec at voipsa.org
> Subject: Re: [VOIPSEC] VoIP Attack : How feasible
>
> On Fri, 28 Jul 2006 15:34:19 +0800
> Simon Horne <s.horne at packetizer.com> wrote:
>
> > VPNs do not provide end to end authentication.
>
> Maybe if you are using net2net VPNs - if using host2host (end2end)
> VPNs, then they do. At least for the IP connection, that is.
>
>
> [Satyam] Host-to-host still does not authenticate app-to-app or, to take it
> another level, user-to-user. I can see a case where a user authenticates the host
> using a VPN client using one set of credentials and a soft client using a
> different set of credentials. I think you still need at least app-to-app
> authentication, if not user-to-user. At least some mechanism of passing host
> credentials to different apps if these are tied together. I don't think they
> should necessarily be tied together; I could see a case where a user may
> want to run multiple app instances in the same VPN channel.
>
>
> > VPNs do not provide end to end encryption.
>
> See above.
>
>
> > VPNs do not provide efficient NAT Traversal.
>
> If using UDP-encapsulated IPSec or OpenVPN, they do. It's just plain UDP
> traffic then, no problem to NATify in any way.
>
>
> > traversing NAT which excludes methods like UPnP from being a
> > functional solution
>
> *ahem* UPnP is not a functional solution for quite a lot of stuff
> it does. It is especially unusable for corporate environments - with
> UPnP-enabled "firewalls" any client can configure any port-forwarding
> from outside to inwards which is exactly what you do not want on a
> corporate firewall.
>
>
> > In 10 years of VoIP NAT and security development and after truckloads
> > of publicized RFCs and white papers why are we still talking about
> > VPNs? Surely there must be better solutions that can be deployed
> > today. There are, just they are not available in SIP.
>
> ...or any other VoIP protocols that rely on symmetric RTP as transport
> mechanism (which needs helper protocols and stuff for NATability).
>
> Bye
>
> Volker
>
>
> --
>
> Volker Tanger http://www.wyae.de/volker.tanger/
> --------------------------------------------------
> vtlists at wyae.de PGP Fingerprint
> 378A 7DA7 4F20 C2F3 5BCC 8340 7424 6122 BB83 B8CB
>
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>