[VOIPSEC] Voipsec Digest, Vol 12, Issue 24

Henry Sinnreich henry at pulver.com
Wed Dec 28 09:05:24 CST 2005 

> You can't sell expensive phones or nobody will be your customer 

 

Check out the Skype phones, (or the Nimcat/Avaya or Peerio PBX phones).

There is no central call routing and the phones are both secure and
affordable. 

 

Both the business models and the platforms (no VoIP infrastructure) are
different though from the "carrier" model, and this changes the security
model and cost in a fundamental way.

 

Let the flames come! :-)

 

Thanks, Henry

 

 

-----Original Message-----
From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
Behalf Of Voipsec-request at voipsa.org
Sent: Wednesday, December 28, 2005 6:00 AM
To: Voipsec at voipsa.org
Subject: Voipsec Digest, Vol 12, Issue 24

 

Send Voipsec mailing list submissions to

      Voipsec at voipsa.org

 

To subscribe or unsubscribe via the World Wide Web, visit

      http://voipsa.org/mailman/listinfo/voipsec_voipsa.org

or, via email, send a message with subject or body 'help' to

      Voipsec-request at voipsa.org

 

You can reach the person managing the list at

      Voipsec-owner at voipsa.org

 

When replying, please edit your Subject line so it is more specific

than "Re: Contents of Voipsec digest..."

 

 

Today's Topics:

 

   1.  VoIP vulnerabilities summarization (david.castro)

 

 

----------------------------------------------------------------------

 

Message: 1

Date: Tue, 27 Dec 2005 16:12:14 +0100

From: "david.castro" <david.castro at adianta.net>

Subject: [VOIPSEC]  VoIP vulnerabilities summarization

To: Voipsec at voipsa.org

Message-ID: <43B159CE.8030706 at adianta.net>

Content-Type: text/plain; charset=ISO-8859-1; format=flowed

 

Hello, I'm David.

I've just read your interesting "chat", and I learned a lot, but I'd 

like make a question about SIP.

Let's imagine you are making an IP phone-operator. You have a central 

access point (server SIP and gateway to PSTN), or several access points 

across internet. You can sell to your customers a IP-phone, so they 

don't have a computer run to chat on the phone. You can't sell 

expensives phones or nobody will be your customer, so the phones hasn't 

TLS, IPSEC or proxy SIP, because they are connecting direct to access point.

How do you protect this scenario?

I'm using login/password in register request, but in other request I 

can't by the phones. What would you do?

Thanks

 

 

 

 

 

------------------------------

 

_______________________________________________

Voipsec mailing list

Voipsec at voipsa.org

http://voipsa.org/mailman/listinfo/voipsec_voipsa.org

 

 

End of Voipsec Digest, Vol 12, Issue 24

***************************************

More information about the Voipsec mailing list