Firewall Wizards mailing list archives
Re: VOIP versus PBX
From: "Marcus J. Ranum" <mjr () ranum com>
Date: Thu, 21 Jul 2005 11:25:53 -0400
Yehuda Goldenberg wrote:
What else do I have to worry about with VOIP?
We don't know much about the security of VOIP PBXes but since they were largely developed by "phone guys" I'm comfortable assuming that there is little or none. So you have the issue of accidental or deliberate denial-of-service against desktop phones, but also the potential that the PBX can be attacked over the in-band network that's used to manage it. Because you *KNOW* that whoever manages the PBX will want to access it from their desktop workstation not a workstation on a separate VLAN. The protocols used for VOIP are "problematic" let us say. "Designed by people who ignored security" might be a less tactful way to say it. "Moronic" also comes to mind. That said, there appear to be so many of them that it's hard to nail down whether you'll have a problem or not; it depends on what you wind up using and where/how. The situation is comparable to wireless - getting it all working in default mode is easy. Getting it all working safely is hard and may be impossible. Lastly, inevitably, someone will want to do VOIP with the outside world. For cost saving reasons, or whatever (but really so they can talk to their kid in college for "free") so there will be a move to let the VOIP through your firewall. Then you will discover VOIP-spam. Of course the guys who designed VOIP systems didn't take that into account, either. Like every other "new widget technology" VOIP will eventually mature just around the time that it's being replaced by some cool new new widget technology that didn't take into account any lessons learned from the last new widget technology. But there will be loads of vendors with a $15,000 1-U rack-mount appliance that offers a complete solution that fixes all those problems. mjr. _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- VOIP versus PBX Yehuda Goldenberg (Jul 21)
- Message not available
- Re: VOIP versus PBX Marcus J. Ranum (Jul 21)
- Re: VOIP versus PBX Mark Teicher (Jul 21)
- Re: VOIP versus PBX Marcus J. Ranum (Jul 21)
- Message not available
- Re: VOIP versus PBX Scott Stursa (Jul 21)
- Re: VOIP versus PBX Patrick M. Hausen (Jul 21)
- <Possible follow-ups>
- FW: VOIP versus PBX Yehuda Goldenberg (Jul 21)
- Re: FW: VOIP versus PBX Paul D. Robertson (Jul 21)
- Re: FW: VOIP versus PBX Michael H (Jul 21)
- Re: FW: VOIP versus PBX Paul D. Robertson (Jul 21)
- Re: FW: VOIP versus PBX Michael H (Jul 21)
- Re: VOIP versus PBX Elizabeth Zwicky (Jul 21)
- Re: VOIP versus PBX Paul D. Robertson (Jul 21)
- Re: FW: VOIP versus PBX Paul D. Robertson (Jul 21)