Security Basics mailing list archives

RE: Question on VoIP security


From: "Chris Serafin" <chris () chrisserafin com>
Date: Tue, 20 Dec 2005 22:11:33 -0600

I am from a security pen test background but was hired with a Cisco VoIP
shop.  So naturally I wanted to experiment with VoIP pen testing.  

SiVuS: VoIP vuln scanner:
http://www.vopsecurity.org/html/tools.html

Voice Over Misconfigured Internet Telephones: VOMIT:
http://vomit.xtdnet.nl/

Cain & Abel:
http://www.oxid.it/cain.html

http://www.contractoruk.com/news/001864.html

I will be dedicating a lot of time researching this subject, once I pass my
damn QoS test!!! More to come!

Chris Serafin
IT Security / Voice Engineer
chris () chrisserafin com





-----Original Message-----
From: Rodrigo Blanco [mailto:rodrigo.blanco.r () gmail com] 
Sent: Sunday, December 18, 2005 7:01 AM
To: security-basics () securityfocus com
Subject: Question on VoIP security

Hello list,

I am currently facing an Intranet VoIP project (will be restricted to
1 organization's Intranet, geographically dispersed), from the security
standpoint. So, I have to propose a security architecture for a
SIP-based VoIP deployment. Vendor is still a variable, so it should be
as vendor-independent as possible (but it will probably be Cisco /
Nortel).

Does anyone have information on the current security practices used
to protect the confidentiality, integrity and guarantee access control
in the VoIP services network?

If you can provide me with general principles, and perhaps links to
documents describing the security problems I should consider, these
would be more than welcome.

Thanks in advance and best regards,
Rodrigo.
