Security In Voice Over IP Converged Networks 113
dotslash writes: "This article at Internet Telephony Magazine has a very interesting analysis of security issues created by converging data and telephony networks with VoIP: "When the phenomenon of "convergence" between telephony and Internet started, it also brought closer the world of the phreaker and the hacker. VoIP brings all this to the next level. Unfortunately, the security inherent in VoIP solutions is equivalent to that of the early Internet: Non-existent.""
As if analog was better? (Score:4, Interesting)
"Virtually no security" is an improvement over "_no_ security."
Re:SSL (Score:2, Interesting)
Just think of the amount of packets you have to crypt/decrypt per second.
If we assume 44khz, 16-bit (depends on the ADC/DAC I guess) data, well that's a lot of packets.
No one wants to have a 1-2 second delay in their phone conversation.
Re:SSL (Score:2, Interesting)
I agree that lag may potentially become a problem as number of VoIP sessions grows, but, hey, that's what you need a hardware crypto gadgets.
My School's IP Phone Fiasco (Score:5, Interesting)
My university just recently overhauled the on-campus phone system. They replaced the old (working) system with IP phones. They did the whole job in a matter of months, despite very vocal opposition by the CS department faculty. These Cisco IP phones cost $700 a pop.
They hooked the central hub of the phone system up to generators in the event of a power failure. Unfortunately, all our phones depend on switches and routers scattered throughout campus, and the phones themselves have DC power adapters. In the event of a power outage, the central hub will stays on-line, but all the phones throughout campus go out!
When asked what students and faculty should do in the event of an emergency during a power outage, our IT services department responded, "Try to find someone with a cell phone!"
Worse yet, switches have a mean time to failure of 100,000 hours. With 2,000 switches throughout campus, sections of the phone system go out once every 50 hours. The current average time for IT services to replace a down switch is 2 weeks.
These phone have web servers, and a few other goodies. I'm just waiting until an IP phone worm takes out our entire campus's network and telecommunications infrastructure.
Re:My School's IP Phone Fiasco (Score:3, Interesting)
How does the cable powered device request power before it's got any?
Re:SIP and security. (Score:2, Interesting)
Also, most SIP proxy servers support TLS for secure connections at least between proxies.
The security problems are real, but it doesn't help anybody (except consultants, maybe) to spread myths.
VOMIT! ew .... (Score:2, Interesting)
and don't believe the hype about the supposed safety of switched nets -- VoIP phones are so very compliant, they just love redirects.
nobody