[VOIPSEC] Indentity Management and VoIP and More

Steve Blair blairs at isc.upenn.edu
Mon Apr 24 08:50:27 CDT 2006 


Paine, Richard H wrote:

>Yes, I see it changing.  The reality is that Boeing and other Fortune
>500 companies will come to the realization that there is a massive
>vulnerability in the VOIP implementations.  The reality is that VOIP
>calls, if they are Internet-only are all vulnerable to spoofing and
>tapping and man-in-the-middle attacks against their businesses.  Why it
>doesn't have much emphasis right now is that the Cisco Call Managers and
>other VOIP connections are dependent and rely on the PSTN system that
>historically maintains an enterprise trust of the PSTN providers to
>provide secure voice communications.  It really isn't secure, but it is
>wired and protected by the PSTNs and the courts.  As more and more
>traffic stays on the Internet and does not move to the PSTN, the
>vulnerability increases.  
>
There are also impacts on regulatory issues, such as HIPPA, as 
organizations move from the PSTN to a publicly accessible IP based 
communications infrastructure.

Steve

>End-to-end secure sessions, like the Secure
>Mobile Architecture (SMA) provides, will eventually become imperative to
>protect VOIP communications.  Until the perception that everything is
>protected is debunked, there will be a lack of interest in such systems.
>It will only take one well publicized security event and the attitudes
>will change.
>
>Richard H. Paine
>Success is getting what you want, happiness is liking what you get!
>Cell:  206-854-8199
>IPPhone:  425-373-8964
>Email:  richard.h.paine at boeing.com 
>
>
>-----Original Message-----
>From: richb2 at pegasus.rutgers.edu [mailto:richb2 at pegasus.rutgers.edu] 
>Sent: Sunday, April 23, 2006 7:24 AM
>To: Voipsec at voipsa.org
>Subject: Re: [VOIPSEC] Indentity Management and VoIP and More
>
>Richard sorry to be emailing you directly, but I get a "daily journal"
>of the emails from this group and thus did not get the attachment (SMA)
>that you mentioned. I was a VoIP software application engineer in the
>days before Cisco took over the game, and am now getting an MBA in
>accounting, hoping to become an IT Auditor. My question regards the use
>of this SMA technlogy in the enterprise. I understand that the ISACA
>group sometimes sponsors classes on VoIP security, but not enough people
>even signed up for the one here in NY/NJ this past session to even have
>the seminar. This makes me think that VoIP security is not high on the
>list of Risks to companies. Possibly it is not considered a risk to the
>validity of the financials?
>
>Do you see this changing? Do you see a future for the VoIP
>specialization in the Auditing of IT systems?
>
>
>_______________________________________________
>Voipsec mailing list
>Voipsec at voipsa.org
>http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>
>_______________________________________________
>Voipsec mailing list
>Voipsec at voipsa.org
>http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>
>  
>

-- 
  
ISC Network Engineering
The University of Pennsylvania
3401 Walnut Street, Suite 221A
Philadelphia, PA 19104  


voice: 215-573-8396 

       215-746-8001

fax: 215-898-9348    

sip:blairs at net.isc.upenn.edu

More information about the Voipsec mailing list