Slashdot Mirror

← Back to Stories (view on slashdot.org)

VoIP Security Threats Defined

Posted by ScuttleMonkey on from the i'll-stick-with-my-dixie-cups-and-string dept.

Zonorph writes "Information week is reporting that the recently formed industry group Voice over IP Security Alliance (VOIPSA) just published their first draft of a VoIP Security Threat Taxonomy for public comment. From the VOIPSA, 'This VoIP Security Threat Taxonomy is meant to define the many potential security threats to VoIP deployments, services, and end users. Part of the challenge of devising effective VoIP security protections requires first identifying these threats in the first place.'"

4 of 60 comments (clear)

  1. The biggest security threat to VOIP is CALEA by dyfet · · Score: 1, Interesting
    The biggest single threat to the security of VOIP deployments is CALEA mandated backdoors in VOIP services IMHO. This is in effect government mandated exploits waiting to be exploited by others as well. Cisco was only the latest to demonstrated just how well undisclosed backdoors hidden by obscurity really work, but in this case the problem is not one that can later simply be fixed in the code, because it was broken by the law.

  2. Re:"Security" "Threat" is largely expectations by jmv · · Score: 2, Interesting

    If everyone somehow thinks VOIP on the internet is some magicly secure channel, they'll use it carelessly and lots of security problems will occur.

    Actually, while it's not "magically" secure, it would be possible to make VoIP a lot more secure than about any other communication system. Just think encryption, plus the fact that you can say the key fingerprint out loud so that a "man in the middle" would actually need to imitate your voice in real-time in order to gain access. Of course, you're still vulnerable to mics in your own house...

    --
    Opus: the Swiss army knife of audio codec
  3. Re:I was on the committee by CortoMaltese · · Score: 2, Interesting
    I think you will also find this Deconstructing Voice-over-IP article interesting...

    Seriously, this really sounds like a load of bs to me. Perhaps auto-generated?

  4. Why was there never one of these for POTS? by matth · · Score: 3, Interesting

    It never fails to amaze me that people are ready to jump on VoIP as being "insecure" when infact it is probably more secure then your POTS line. To tap into a POTS line all you need is a butt set. Climb your local pole (and look like you should be) and no one will question you. Or walk up and place a tap on the CO NID outside a building. If it's a business, look like you should be there, and again no one will question you.

    To actually tap VoIP you need to be in the path of the packet somewhere. It isn't like you can just hack a server and sniff the traffic. You'd actually need to be on a router someplace, and have some way to get the packets off the router and into some form that you could make into an audio file.... Yeah, which would you do?