[VOIPSEC] Watering down VoIP security expectations
Jacqui Caren
jacqui.caren at ntlworld.com
Fri Mar 10 08:22:17 CST 2006
Up till now a lurker - here goes :-)
Mark Teicher wrote:
> If we go by SPAM by the numbers: 55 is the percentage of companies that have
By the numbers - because our ex-tech director is rather well known and
used his work email address on code he/we open sourced, we get up to
30 THOUSAND messages a day with less than 100 real messages.
We often see a new virus up to 3 days before it is mentioned in the
"press".
Over a period of nearly a year we treid various options. For us
ASSP+(deleted) manages rather well to prune the wheat from this
chaff.
Note that blocking APNIC /8's drops this number by ~20K/day :-)
> When attempting to filter Spam over Internet Telephony (SPIT)
Again we have had this problem - we ran a commercial support service
(- a niche "cygnus") and published a phone number for support. Everyone
and thier dog called this number offering to "pay next time if you can
fix this one first" :-)
The fix - a pre-screen IVR that read out exactly what the service is
and that we do NOT provide support to non customers - enter xxx if
you are a customer. The dropped unwanted calls from ~100 per day to
5 per week. During the Y2K fiasco we were inundated by calls asking
us to provide Y2K indemnity. We added this to the IVR splash but they
kept asking (some daily!) - until their numbers were added to incoming
call routing to "number unobtainable" ;-)
I suppose what I am saying is that YMMV - and there will not be any one
solution for everyone. An example is my home asterisk config will be
WAY different from the work systems.
More information about the Voipsec
mailing list