[VOIPSEC] VoIP vulnerabilities summarization
Emir Arslanagic
emir at cw.net
Wed Dec 28 09:17:01 CST 2005
This should be done using 2.factor authentication, challenge response or one
time password. Exact implementation should depend on user community. If all
users do have GSM phones then easiest way would be to send password using
SMS.
Thanks,
--Emir
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Emir Arslanagic, CISSP, CISM
Cable & Wireless Network Services
Desk : +44 134 481 2115
Mobile: +49 172 898 6797
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> -----Original Message-----
> From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org]On
> Behalf Of david.castro
> Sent: 27 December 2005 10:12
> To: Voipsec at voipsa.org
> Subject: [VOIPSEC] VoIP vulnerabilities summarization
>
>
> Hello, I'm David.
> I've just read your interesting "chat", and I learned a lot, but I'd
> like make a question about SIP.
> Let's imagine you are making an IP phone-operator. You have a central
> access point (server SIP and gateway to PSTN), or several access points
> across internet. You can sell to your customers a IP-phone, so they
> don't have a computer run to chat on the phone. You can't sell
> expensives phones or nobody will be your customer, so the phones hasn't
> TLS, IPSEC or proxy SIP, because they are connecting direct to
> access point.
> How do you protect this scenario?
> I'm using login/password in register request, but in other request I
> can't by the phones. What would you do?
> Thanks
>
>
>
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>
>
More information about the Voipsec
mailing list