[VOIPSEC] Softphone Security
Porter, Thomas (Tom)
tporter at avaya.com
Fri Oct 14 15:26:27 CDT 2005
If anyone has thoughts or experiences w/ softphone security, I'd be interested in hearing them...
>From my POV, the threats that are particular to softphone use include:
1. Many softphones contain advertising software that "phones home" with private user information.
2. Softphones require that PC-based firewalls open a number of high UDP ports as part of the media stream transaction
3. Malware that affects any other application software on the PC can also interfere with voice communications
4. Because a softphone resides on a PC, the principle of logically separating voice and data networks is defeated as the PC must reside in both domains.
Point 1 is easy to deal with. Points 2 & 3 are slightly more troubling, but if the PC is secure enough for email & IM, a softphone should not add too much more risk. Point 4 is troubling.
Thanks, Tom
Thomas Porter, PHD
Lead Security Architect
Avaya Services Research & Development
tporter at avaya.com
[O] 919.967.2909
[Cell - USA] 919.593.3130
[Cell - Germany] +49.0163.505.9150
[SIP] 919.951.0052
[IM] AvayaTPorter
More information about the Voipsec
mailing list