Security: March 2008 Archives
I was recently interviewed by the National Post to provide some comments on VoIP / Wireless security for an article in the Financial Post.
I'm not sure what's behind it, but when it comes to transporting voice over an IP network, there continues to be a fascination and some paranoia about the security aspects. This despite the fact that references to documented security breaches remain elusive. VoIP and SIP do have security vulnerabilities but as I have stated many times, all of the associated risks can be sufficiently mitigated by following documented best-practices.
When it comes to eavesdropping on voice calls, things were much simpler when I was implementing business voice solutions during the early 80s'. Remember the Butt Set? Despite the fact that all one needed to listen to, and
record calls, was a pair of alligator clips and easily accessed wire pairs, I rarely heard anyone express concerns about voice security.
Intercepting VoIP calls in a properly secured environment, is slightly more complicated. First one needs to either get physical access or to somehow redirect the VoIP traffic. Once that is accomplished, there are software tools that can capture the VoIP traffic and convert the encoded voice back to analogue. In a secure enterprise environment however, that is much more complicated than the Butt Set method of old. And oh yes, I almost forgot. Someone came up with this silly concept of encryption, which when applied to VoIP media streams and signaling, adds considerably to the challenge of eavesdropping!
Stumble It!
I'm not sure what's behind it, but when it comes to transporting voice over an IP network, there continues to be a fascination and some paranoia about the security aspects. This despite the fact that references to documented security breaches remain elusive. VoIP and SIP do have security vulnerabilities but as I have stated many times, all of the associated risks can be sufficiently mitigated by following documented best-practices.
When it comes to eavesdropping on voice calls, things were much simpler when I was implementing business voice solutions during the early 80s'. Remember the Butt Set? Despite the fact that all one needed to listen to, and
record calls, was a pair of alligator clips and easily accessed wire pairs, I rarely heard anyone express concerns about voice security.Intercepting VoIP calls in a properly secured environment, is slightly more complicated. First one needs to either get physical access or to somehow redirect the VoIP traffic. Once that is accomplished, there are software tools that can capture the VoIP traffic and convert the encoded voice back to analogue. In a secure enterprise environment however, that is much more complicated than the Butt Set method of old. And oh yes, I almost forgot. Someone came up with this silly concept of encryption, which when applied to VoIP media streams and signaling, adds considerably to the challenge of eavesdropping!
Stumble It!
