Security Basics mailing list archives
RE: Question on VoIP security
From: "Chris Serafin" <chris () chrisserafin com>
Date: Tue, 20 Dec 2005 22:11:33 -0600
I am from a security pen test background but was hired with a Cisco VoIP shop. So naturally I wanted to experiment with VoIP pen testing. Sivus: VoIP vuln scanner: http://www.vopsecurity.org/html/tools.html Voice Over Misconfigured Internet Telephones: VOMIT: http://vomit.xtdnet.nl/ Cain n Able: http://www.oxid.it/cain.html http://www.contractoruk.com/news/001864.html I will be dedicating a lot of time researching this subject, once I pass my damn QoS test!!! More to come! Chris Serafin IT Security / Voice Engineer chris () chrisserafin com -----Original Message----- From: Rodrigo Blanco [mailto:rodrigo.blanco.r () gmail com] Sent: Sunday, December 18, 2005 7:01 AM To: security-basics () securityfocus com Subject: Question on VoIP security Hello list, I am currently facing an Intranet VoIP project (will be restricted to 1 organization's Intranet, geographically disperse), from the security standpoint. So, I have to propose a security architecture for a SIP-based VoIP deployment. Vendor is still a variable, so it should be as vendor-independent as possible (but it will probably be Cisco / Nortel). Does anyone have information on the currently security practices used to protect the confidentiality, integrity and guarantee access control in the VoIP services network? If you can provide me with general principles, and perhaps links to documents describing the security problems I should consider, these would be more than welcome. Thanks in advance and best regards, Rodrigo. --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfoc_ml ---------------------------------------------------------------------------- --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ----------------------------------------------------------------------------
Current thread:
- Question on VoIP security Rodrigo Blanco (Dec 19)
- Re: Question on VoIP security ilaiy (Dec 19)
- Re: Question on VoIP security Peter Wan (Dec 19)
- Re: Question on VoIP security Dave Dearinger (Dec 20)
- RE: Question on VoIP security Chris Serafin (Dec 21)
- <Possible follow-ups>
- RE: Question on VoIP security Hayes, Ian (Dec 19)
- RE: Question on VoIP security Chris Serafin (Dec 21)