Security threats Toolkit
Story: Jericho Forum voices concerns over VoIP security
VoIP security is a problem, but can be guarded against
Whilst I fully commend the comments of the Jericho forum, VoIP security and issues such as the Grandstream one can be guarded against. Right now the majority of VoIP implementions are within the Corporate boundaries.
Where communications exit the boundary towards the service providers networks, we can use conventional security technologies such as IPSec VPNs or SSL/TLS connections and sRTP to ensure communications and devices are secured.
Even where hosted PBXs [for example] are used, existing mechanism hightlighted above provide the same levels of security to VoIP traffic as any other traffic. Further more technologies such as IPSec VPNs are available in SOHO/SME priced devices such as the Draytek Vigor Routers. Its even available for free with Open Source SIP proxies such as OpenSER support TLS for carrying the SIP messages securely.
There is no excuse for not using existing techniques to secure your VoIP implemenation.
Neill Wilkinson
AeonVista Ltd
Full Talkback thread







