[VOIPSEC] VoIP Security

Zmolek, Andrew (Andy) zmolek at avaya.com
Tue Sep 26 18:16:15 BST 2006 

Mike-

That depends on your point-of-view. Assuming you're not just trolling
here, let me provide a brief answer:

If you're only concerned about someone attacking your home computer via
an open VoIP port when it's behind a firewall, then you are correct that
that scenario is unlikely to be realized in the form of a bona-fide
threat vector. On the other hand, if interception of unencrypted voice
conversations over the internet or within a LAN or across a WiFi network
is a concern then there is a lot to worry about (particularly since what
little encryption is actually implemented in the field is generally
using proprietary or otherwise non-interoperable signaling to set it
up). 

And if one considers it important for VoIP networks and phones to
actually work, then Denial-of-Service threats to VoIP devices and
servers (which were effectively demonstrated at this year's BlackHat
conference by Mark Collier and Dave Endler) are a real concern,
particularly as organizations open up internet-based connectivity to
their VoIP networks (which also exposes them to SPAM over Internet
Telephony). In addition, many enterprises are tightening up their
network access controls which makes support for standards like 802.1X
increasingly important.

Beyond this, annual losses to enterprises and carriers for toll fraud
(whether by IP or traditional TDM technologies) continue to grow and
number in the billions of dollars. If you get hit with the bill because
of something you (or someone operating on your behalf) failed to do to
secure your data network or VoIP infrastructure, you might feel
differently about the reality of VoIP security.

/\\//\Y/\   Andy Zmolek  |  zmolek at avaya.com  |  303-538-6040 
            Senior Manager, Security Planning & Strategy
            GCS Security Technology Development  |  Avaya, Inc. 


-----Original Message-----
From: voipsec-bounces at voipsa.org [mailto:voipsec-bounces at voipsa.org] On
Behalf Of Mike Hammett
Sent: Tuesday, September 26, 2006 10:28 AM
To: Voipsec at voipsa.org
Subject: [VOIPSEC] VoIP Security

Has anyone actually proved all the VOIP Security hysteria to be anything
more than a bunch of worry-warts?  So far I put it in the same category
as someone that runs a firewall on their personal computer behind a NAT
router...  An intrusion is technically possible, but how likely?


----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

_______________________________________________
Voipsec mailing list
Voipsec at voipsa.org
http://voipsa.org/mailman/listinfo/voipsec_voipsa.org

More information about the Voipsec mailing list