[VOIPSEC] Question on VoIP security requirements in financial sector
Fleming, Eoin (DSCP)
eoin.fleming at hp.com
Mon Jun 18 06:25:46 CDT 2007
I am not aware of any regulations concerning VOIP specifically (the regulations will probably never refer to VOIP anyway but to telephony/telecommunications networks normally...). Encryption is not mentioned in connection with VOIP certainly but if you are dealing with personal financial information or personally identifiable information then encryption would be considered a mandatory requirement under the banner of exercising due care in the protection of financial records (but this is by inference only...) The only area that I am sure affects VOIP is call recording requirements for certain dealing and call centre operations.
This link might shed some light http://www.syngress.com/book_catalog/372_PRAC_VoIP/sample.pdf
But like most things in the regulatory world it's all open to some degree of interpretation i.e. even if you implement encryption so it's available for the use of your customers you have no guarantee that the other end of the conversation will use it, similarly in the PSTN you have no control over the possibility that your carrier might route some of your calls over VOIP....so the only thing you can really do is risk assess and encourage the use of encryption.
Cheers,
Eoin D. Fleming
-----Original Message-----
From: voipsec-bounces at voipsa.org [mailto:voipsec-bounces at voipsa.org] On Behalf Of Roland Auckenthaler
Sent: 18 June 2007 10:35
To: voipsec at voipsa.org
Subject: [VOIPSEC] Question on VoIP security requirements in financial sector
Hello,
I'm trying to find some information regarding security policies or legal
obligations with regards to the use of VoIP in the financial sector. Does
anybody know if the use of SRTP and/or TLS are mandatory requirements for
some financial transactions (i.e. phone banking)? I'm especially looking
for information that relates to Europe but if you got something from other
regions then that would be helpful too.
best regards
Roland Auckenthaler
Sales Engineer CEEME, NMS Communications
Address: Richard Strauss Strasse 71, D-81679 Munich, Germany
Phone: +49 89 945484-78, Fax: +49 89 945484-70
MSN-IM: rauckenthaler at hotmail.com
Amtsgericht Muenchen: HRB 132404, Geschäftsführer: Herb Shumway
voipsec-request at voipsa.org
Sent by: voipsec-bounces at voipsa.org
19.01.2007 13:00
Please respond to
voipsec at voipsa.org
To
voipsec at voipsa.org
cc
Subject
Voipsec Digest, Vol 25, Issue 4
Today's Topics:
1. EUSecWest 2007 Papers (Dragos Ruiu)
----------------------------------------------------------------------
Message: 1
Date: Thu, 18 Jan 2007 16:07:22 -0800
From: Dragos Ruiu <dr at kyx.net>
Subject: [VOIPSEC] EUSecWest 2007 Papers
To: Voipsec at voipsa.org
Message-ID: <200701181607.22142.dr at kyx.net>
Content-Type: text/plain; charset="us-ascii"
(Nico already beat me to telling you folks, but
there is some other info in this message that
may interest some folks here --dr:)
Hi,
For those who asked, we are still processing the submissions for CanSecWest
and the call closed, please stand by. The paper selections are back from the
reviewers for EUSecWest, in London on March 1-2.
In absolutely random order:
Threats against and protection of Microsoft's internal network - Greg Galford, Microsoft
Linux Kernel == Security Nightmare - Marcel Holtmann, Red Hat
/GS and ASLR in Windows Vista - Ollie Whitehouse, Symantec
Fuzzing: history, perspectives and limits - Christian Wieser, Oulu university
The new OWASP Web Application Penetration Testing Methodology - Matteo Meucci & Alberto Revelli, OWASP-Italy
Reverse Engineering Malicious Javascript - Jose Nazario, Ph.D., Arbor
Bypassing NAC Systems - Ofir Arkin, Insightix
RFID - Adam Laurie, trifinite
Protecting Next-Gen Networks @ Nx10G link sizes - Jim Deleskie, Teleglobe
Video Conferencing Security - Navid Jam, Sandia National Laboratories
Software Virtualization Based Rootkits - Sun Bing
VoIP Attacks! - Dustin D. Trammell, TippingPoint
Windows Vista Exploitation Countermeasures - Richard Johnston, Microsoft
OSX Security - Daniel Cuthbert, Corsaire
Distributed drone-based malware propagation and deployment automation - Emmanuel H
We have added a new RFID dojo in London with Adam, and Nico
has a new VoIP Security dojo amongst the new dojos to be announced
for CanSecWest along with the paper selections. Dojos for London
have final schedules now.
cheers,
--dr
--
World Security Pros. Cutting Edge Training, Tools, and Techniques
London, U.K. Mar 1-2 - 2007 http://eusecwest.com
pgpkey http://dragos.com/ kyxpgp
------------------------------
_______________________________________________
Voipsec mailing list
Voipsec at voipsa.org
http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
End of Voipsec Digest, Vol 25, Issue 4
**************************************