[VOIPSEC] Indentity Management and VoIP and More

Paine, Richard H richard.h.paine at boeing.com
Mon Apr 24 08:41:31 CDT 2006 

Yes, I see it changing.  The reality is that Boeing and other Fortune
500 companies will come to the realization that there is a massive
vulnerability in the VOIP implementations.  The reality is that VOIP
calls, if they are Internet-only are all vulnerable to spoofing and
tapping and man-in-the-middle attacks against their businesses.  Why it
doesn't have much emphasis right now is that the Cisco Call Managers and
other VOIP connections are dependent and rely on the PSTN system that
historically maintains an enterprise trust of the PSTN providers to
provide secure voice communications.  It really isn't secure, but it is
wired and protected by the PSTNs and the courts.  As more and more
traffic stays on the Internet and does not move to the PSTN, the
vulnerability increases.  End-to-end secure sessions, like the Secure
Mobile Architecture (SMA) provides, will eventually become imperative to
protect VOIP communications.  Until the perception that everything is
protected is debunked, there will be a lack of interest in such systems.
It will only take one well publicized security event and the attitudes
will change.

Richard H. Paine
Success is getting what you want, happiness is liking what you get!
Cell:  206-854-8199
IPPhone:  425-373-8964
Email:  richard.h.paine at boeing.com 


-----Original Message-----
From: richb2 at pegasus.rutgers.edu [mailto:richb2 at pegasus.rutgers.edu] 
Sent: Sunday, April 23, 2006 7:24 AM
To: Voipsec at voipsa.org
Subject: Re: [VOIPSEC] Indentity Management and VoIP and More

Richard sorry to be emailing you directly, but I get a "daily journal"
of the emails from this group and thus did not get the attachment (SMA)
that you mentioned. I was a VoIP software application engineer in the
days before Cisco took over the game, and am now getting an MBA in
accounting, hoping to become an IT Auditor. My question regards the use
of this SMA technlogy in the enterprise. I understand that the ISACA
group sometimes sponsors classes on VoIP security, but not enough people
even signed up for the one here in NY/NJ this past session to even have
the seminar. This makes me think that VoIP security is not high on the
list of Risks to companies. Possibly it is not considered a risk to the
validity of the financials?

Do you see this changing? Do you see a future for the VoIP
specialization in the Auditing of IT systems?


_______________________________________________
Voipsec mailing list
Voipsec at voipsa.org
http://voipsa.org/mailman/listinfo/voipsec_voipsa.org

More information about the Voipsec mailing list