nanog mailing list archives

[no subject]



The reason I'm mentioning this is because I have heard some security people
talking about the problems with IP gateways to the PSTN, which is 
legitimately frightening to many, but the issue isn't about what will
happen when some PBX manufacturer puts an IP stack and an ethernet card
in their product without doing security QA testing. 

It is about whether the traditional telecom security models that look a lot 
like corporate IT, where network people don't touch servers, and vice versa, 
will work when the line blurs between the network and the application. 

In corporate IT, I am one of those "Internet guys" that thinks he
can manage systems _and_ networks, which is like saying to me that I 
play both kinds of music, country _and_ western. 

Worst case scenario, we get Kafkaesque bureaucracy with no standards or 
procedures. Best case, we get a hybrid of strong, auditable and enforceable
policy, with an understanding of the systems and networks as a single
service as presented to the customer.  

So, as for whether we will see better or worse security policy, 
I can guarantee we will see the most cost effective solutions, 
meeting the minimum legal requirements, which serve customers' needs, 
and improve overall ROI for stakeholders. 

In other words, not much will change by virtue of convergence alone. 
It will take education, possibly regulation, and market incentives to
create better security policy, and I think these things are independent 
of the features of new technologies. 

Cheers, 


--
batz

