Is Security Holding VoIP Back? 181
phoneboy writes "Voxilla is running a piece I wrote on security issues present in Voice over IP. While an increasing number of people are ditching their ILEC in favor of using Voice over IP from companies like Vonage, VoicePulse, Packet8, and Broadvox Direct, there are a number of potential security issues to be aware of. Is VoIP secure enough to replace the PSTN as we know it?"
As opposed to the security of PSTN? (Score:5, Insightful)
Re:As opposed to the security of PSTN? (Score:4, Insightful)
When you connected to someones VOIP device, it would merely pass you their public key.
Re:As opposed to the security of PSTN? (Score:5, Insightful)
You should get signed keys, or keys directly from the person you want to be talking with. If the somebody wanted to break your security, all they have to do, is be upstream from your ISP. Capture the broadcast of the public key, send you a different one they have the private key for.
Now there are exchange methods that you can use in public, but just passing a key in the clear isn't a good idea. Normally there is some type of key exchange before hand, a trusted third party, or a web of trust used to establish identity, and the trustworthyness of a public key.
Kirby
Re:As opposed to the security of PSTN? (Score:2, Informative)
Re:As opposed to the security of PSTN? (Score:2, Interesting)
I hope there's a better way. I realize that this is an improvement over the current system, but why settle for that? I don't think they're going to run around selling trade secrets, but still, does anyone trust telecoms?
Re:As opposed to the security of PSTN? (Score:3, Informative)
I suppose, that if I encrypt with my private key, then encrypt with your public key. Nobody in the middle can tell what I'm saying. You can know you are talking with someone, but if they can intercept all of the messages, how can you tell them apart from me, if you've never met me or them? They could sa
Re:As opposed to the security of PSTN? (Score:4, Interesting)
Well, the problem is a bit more difficult than that. IPSec can be used with VoIP, but it isn't particularly efficient. There are special IPSec for VoIP specifications, so the problem isn't encryption, but the lack of certificates. Public key encryption is always vulnerable to man-in-the-middle attacks, be it SSH or SSL web traffic [sourceforge.net].
I'm guessing this might hold VoIP back for a little while, but when VoIP will be deployed large-scale, we will for sure see people having personal certificates. Right now, a real non-test certificate from verisign for a company web server costs 895 $ [verisign.com] but I could see the prices going down for personal certificates, when markets for those would start to appear.
Or then there's the Finnish model, where you can get an electronic ID just like you can get a regular ID from the government. The electronic ID is the regular plastic ID card with a smart card chip. You get two certificates from the government-operated CA. All this for the measley price of 40 euros [fineid.fi]. This would be a viable choice for private persons too.
There is also a SIM card version (a WIM card) designed that will come out in the future.
Re:As opposed to the security of PSTN? (Score:2)
Now, if you're talking a "every man runs his own VoIP" environment, or one which doesn't have a small number of key players, then certificates are more important, but even then, a web of trust model could help.
Re:As opposed to the security of PSTN? (Score:5, Funny)
Re:As opposed to the security of PSTN? (Score:3, Insightful)
Re:As opposed to the security of PSTN? (Score:2, Insightful)
Re:As opposed to the security of PSTN? (Score:3, Insightful)
"Meet the new boss
Same as the old boss..."
Re:As opposed to the security of PSTN? (Score:3, Interesting)
He also doesn't want to bother with all that nasty detective work to decide whose phones to tap, he wants to read all the mail and listen to all the phone calls and sort it out later. Personally, I have no problem with thi
Re:As opposed to the security of PSTN? (Score:2)
Which is rather useless for any kind of law enforcement purpose. Given that the signal/noise ratio is so low. With any terrorist or gangster with 2 brain cells to rub together likely to use a simple code which will render their planning indistinguishable from the general chatter of millions of people.
Law enforcement needs so
Re:As opposed to the security of PSTN? (Score:2)
It's kind of hard to tell what kind of data an encrypted VPN tunnel might be carrying...
Am I paranoid enough?
Given that historically such entities appear to have been more interested in commercial spying and chasing people with politically incorrect viewpoints, as opposed to catching organised crime and terrorists. There's a good case for asking if any degree of paranoid is sufficent. Though it can sometimes look as if
Re:As opposed to the security of PSTN? (Score:3, Interesting)
There has to be a real economic incentive to a household or company to roll out new systems to implement VoIP. It ain't here yet, but it'll come.
-----------------
And now, for something completely off-topic:
As of 10:57:22 PST, the last contender
Re:As opposed to the security of PSTN? (Score:4, Insightful)
The PSTN/POTS service is also on a publicly switched network, but controlled by central authorities. However, noone will try a DoS attack by constantly ringing your phone and making it busy.
Re:As opposed to the security of PSTN? (Score:4, Interesting)
Um (Score:5, Interesting)
You say that you the pstn is insecure.. Have you tried lately to 'hack' into one, well besides being able to listen to whats on a analog line. Tell me how a cellphone is insecure (They have encryption and cdma is pretty secure by itself.), or how a isdn line is insecure.. Those are circuit based networks. (well cellphones are a hybrid)
Tell me how would you go about overhearing a circuit in this circuit based network? You can't. The fbi can, But that hardly makes it insecure. Circuit based networks by their very nature are actually highly secure networks. The only person you really have to worry about is the one in control of the line, if you dont' trust them you go with someone else and use encryption..
Now packet based networks are the ones you really should be worried about. Anyone that is on your network segment can sniff your packets. Now if they are encrypted or not is really kinda beside the point.
The modern ptsn network has out of band signaling (ss7) So you can't do alot of the attacks that the old phone networks were vurnable to. LIke playing your own tones (inband signaling.) So tell me again why a circuit based network out of band signaling is insecure?. (oh you can't get into the out of band signalling other then to dial and thats with isdn which uses isup for its out of band. Which is really limited and firewalled {for lack of a better term at the moment} the switch)
Re:Um (Score:2)
Re:Um (Score:4, Informative)
GSM phones are very insecure. A lecturer I had in cryptography had implemented a code breaker for GSM phones. Given 4 minutes of recorded conversation you could break the encryption on that particular call. If you place a recorder by a specific GSM base station you can break all calls routed by that cell in just a few seconds. (That requires about a 100 GB or recorded data though.)
Besides, current phone networks only authenticate the phone, the phone newer authenticates the base station. Get yourself your own station, place it in a van outside a company and you now control all mobile phone calls going through there.
If you have the resources you could in some cases reprogram the cell phones over the mobile network to make them "mobile microphones".
These last two would require a lot of resources naturally. But it's not impossible.
Re:Um (Score:3, Informative)
Also the encryption only applies between handset and the basestation. Even if you have a call between two handsets on the same basestation the encryption is not end to end. In actual
Re:Um (Score:2)
They then proceeded to record every call that took place over that line.
Today, organized crime in Las Vegas reroute calls away from escort and massage services that refuse to pay protection money.
The telephone network is obscure and complex... but hardly secure.
Re:Um (Score:2)
Gets a lot easier if you are a PTO though.
Tell me how would you go about overhearing a circuit in this circuit based network? You can't. The fbi can,
Whilst it's not easy for a private individual to do this. It is possible for entities which have enough money get access. Through bribing the phone company, law enforcement or someone who has access to the relevent software. Remember that computers are stupid, if someone feeds one the right instructi
Re:As opposed to the security of PSTN? (Score:2)
Anyone remember the little scandal thing last year where someone was hacking cell phones that had public IP addresses? I think they definitely need to work on some encryption for VOIP. Everything I've seen with it to date has run with PTP tunneling because of the lack of security, and you could tell, bandwidth-wise.
Re:As opposed to the security of PSTN? (Score:2)
Especially with SPC telephone systems where a "tap" exists only within the software of the system. Known only to the people in charge of the switching software. To the point where it is perfectly possible for lines to be tapped without the knowlage of even the telephone company and criminal gangs being able to place taps on police phones.
Security? Not a problem for home users (Score:5, Insightful)
PSTN? Secure? (Score:5, Insightful)
Re:PSTN? Secure? (Score:2, Insightful)
I don't wnat VoIP (Score:5, Insightful)
Re:I don't wnat VoIP (Score:3, Funny)
Re:I don't wnat VoIP (Score:2)
Re:I don't wnat VoIP (Score:3, Insightful)
Don't assume IP == Internet
The Internet is just one IP network.
Phone companys have their own networks, they don't need to involve the Internet what so ever if they choose. Same as I don't need to plug my IP network into the Internet for things on my own network to talk to eachother.
Re:I don't wnat VoIP (Score:3, Insightful)
Yeah, it's really nice if you're multihomed AS.
I don't remember when was the last time that my phone line failed. As for the internet... three days back (for an hour).
I don't know if this is normal or it's just that .si ISPs tend to suck. I'd like to think that in a critical moment I'll be able to call emergency hotline (eg. 911 for a
Security isn't the problem. (Score:5, Insightful)
Security is not holding VOIP back.
Security is just one layer that needs to be implemented, particularly when VOIP becomes more widespread. It has very little to do with adoption- just look at how analog cellphones prospered. We all know how easy those were to listen to.
Re:Security isn't the problem. (Score:3, Insightful)
-- PhoneBoy
Because... (Score:2)
Re:Security isn't the problem. (Score:2)
Insecure by design (Score:2)
The benefit (privacy from snoops) is far outweighed by the inability to intercept criminal or other communications.
Landline isn't technically secure either. (Score:4, Insightful)
What landlines ARE, though, are more reliable. I don't want to have my VoIP phone crash on me or have packet loss when I'm trying to call 911 because of a heart attack. You don't get two chances at that to call again, reboot, or whatever.
I see it like this (Score:4, Informative)
Re:I see it like this (Score:2, Interesting)
I'd say the problem isn't really the NAT/Firewalls - it's just the NAT that's a hindrance to bidirectional communication. It's simply impossible to create a connection to something behind a NAT box when you only have one IP to work with.
The best analogy to work with would be calling a large department store, wanting to talk to the clothing department, but being confronted by a receptionist or an automated machine telling you to "Enter the extension of the department you would like to dial." This is sadly
SIP (Score:3, Informative)
Re:SIP (Score:2)
It's not so each if you want to establish a direct VoIP call with both people behind a NAT router that they don't control.
Re:I see it like this (Score:3, Informative)
Marketing and Brand (Score:4, Insightful)
Re:Marketing and Brand (Score:3, Insightful)
-- PhoneBoy
secure? (Score:5, Funny)
Hell, when I *ahem* hung around people who beiged boxed we didn't even have aligator clips. Holding onto the wires was cool until a the phone rang
insecure network - insecure services (Score:5, Insightful)
On the internet on the other hand, you can take your pick of about 500k ready to use backdoored hosts at any day. Just pick one close enough to your target. If you are desperate, buy one of the routers in the path on IRC for a few stolen CC numbers.
What we need is a simple and fast encryption method for VoIP. Similar to the phone network, it doesn't have to be 'Fed prove'. This may make it possible to come up with something simple that will not cause excessive latency.
Of course, one issue with VoIP is that its kind of stretching the limits of current infrastructure. So any added overhead may break it.
Re:insecure network - insecure services (Score:3, Informative)
Re:insecure network - insecure services (Score:2, Informative)
IPv6 supports encryption natively. Running voice-over-ip using version 6 is another great reason to make the upgrade.
Re:insecure network - insecure services (Score:2)
I've never used VoIP, but I would think that if you and I deci
Re:insecure network - insecure services (Score:2)
VoIP can, however, be easily tapped from a distance without and physical evidence.
Re:insecure network - insecure services (Score:2)
Re:insecure network - insecure services (Score:2)
Yes it does. Why not build VoIP protocols with built-in strong crypto? They did it with PGPfone years ago, there's no reason not to do it again.
(of course you can always run standard VoIP over ipsec, but that's just for PC to PC service.)
Re:insecure network - insecure services (Score:3, Interesting)
Crappy service is holding VOIP back (Score:3, Funny)
Re:Crappy service is holding VOIP back (Score:2, Informative)
Re:Crappy service is holding VOIP back (Score:2, Informative)
I ditched my land line about 2 months after I got my vonage, I haven't looked back since. I moved accross country and I brought it along and still no problems. I'd bet alot of the problems people have had are on their own end and their cable company (my company told me they didn't have to support any service as long as I could view web pages)
Theres a few things I don't like about viop (Score:4, Interesting)
With most voip app's they just shutoff the microphone when the person isn't talking. This produces an weird silence. Cell phones have to do the same thing to conserver power but what they do is, Place confort noise. This keeps the person thinking that the call is still going. (This is what really turns me off about VOIP)
Another beef I have with voip.. NOthing seems to be standerdised. One voip app does not work with another.
I just think its not the correct way of going about creating a network that is designed to be directly connected. The network that pstn is based on has a niche. Where else are you doing to get a virtual connection without having to bury your own lines to every office. (forgot the terms at moment)
It's extremly hard to talk to someone when A. You have a delay. B. You have missing packets that interupt the signal, Thus you get dropouts.
Now I do like voip in games.. That confort noise I was talking about, Is now takin over by the sound the game makes, and so the silence inbetween isn't so weird.
I have heard about sprint doing voip networks with their own network to get around the ping/packetloss/QOS that is not a garantee on public networks. But I view it as if They want to have a packet based voice network they need to design it from the groundup to just work instead of just layering it ontop of IP. They then need to submit this to the standerd association, So that phone companys don't have to convert/recompress and signal with eath in and out on the network. Otherwords a more lossless operation.
Well thats my beef.
Re:Theres a few things I don't like about viop (Score:3, Interesting)
Comfort noise is missing on less advanced VoIP implementations.
Here's a link to the RFC that specifically describes how to send packets with comfort noise. Note that there's actually some work done to make sure the noise matches the spectral shape of what should actually be there. This prevents the noise from seeming "unusual" the the listener (i.e. it's not just random fuzz):
RFC3389 [sunsite.dk].
In terms of conversion and recompression, G.711 -- the "high bandwidth" version of VoIP, at a
Which way are we going? (Score:3, Interesting)
So which way are we headed?
It's quite ironic that the internet spread as rapidly as it did because people were able to use internet over dialup, and today, the discussion is about how to replace the existing PSTN architecture with VoIP.
However, I think sooner, or later, people will make ALL there phone calls using internet enabled mobile phones. So what protocol are they going to use? Or is it going to be a mix of protocols, say, if a Canadian were to talk to a friend in Australia?
Security... sort of (Score:3, Informative)
one interesting (related) note, is that security is holding back voice over wireless. Not directly because of security concerns, but because of speed. The time to authenticate from AP to AP is causing QOS issues with the voice communications.
The question is..... (Score:3, Insightful)
With all the lag and overloading on the internet, is it really ready to handle a jillion voice streams running over it with the expectation of quality and reliability of PSTN?
As a geek type, I'd love to see it come together to widescale use. But as a business type, it seems to unreliable for official use yet. Most businesses can tolerate their internet connection being down for a period of time, but I don't know any business who can tolerate a phone outage short of sending everyone home.
-m
Re:The question is..... (Score:2)
So I still bring it back to the original question, if we added a couple million VOIP phones I can't believe the current internet would be
Infrastructure not security is holding it back (Score:3, Interesting)
And truthfully, many companies I talked to who converted to it haven't been all that thrilled with the results so far. It's either been flaky or was so expensive that it didn't justice the cost.
PGP Phone (Score:2, Interesting)
Why do we even need VoIP though? (Score:5, Insightful)
What annoys me the most is that cell phones still are not treated as "normal" phones by the key places where it matters, such as credit cards, etc. If I pay a monthly bill on a cell phone, and I need a positive credit rating to even get that service plan in the first place, why is that not good enough to establish credit? It annoys me that even though it seems like something that has been overlooked, it also looks like we're just giving extra business to land-line providers. I have no need for such a telephone line, but I will probably have to get one the next time I move as it still is a requirement for many things.
I need VoIP (Score:3, Insightful)
I don't want to pay for a POTS line and expensive long-distance.
>It is more complicated than it needs to be.
That can be said of a lot of things. It happens to work, and well.
>Cell phones accomplish the exact same thing for the same cost and at a sadly higher reliability level.
My cell phone goes out all the time, my VoIP works all the time. My cell phone has limited minutes and when in use it pushes a few watts of energy at my head t'boot
Re:Why do we even need VoIP though? (Score:2, Informative)
For us, it was simply cheaper than paying for telco service in our house.
It is more complicated than it needs to be.
Huh? They shipped us a black box that plugs into our cable modem. You plug a phone into the black box. There was no configuration to do. You don't need a computer.
Cell phones accomplish the exact same thing for the same cost and at a sadly higher reliability level.
We now have a cell phone and a Vonage line, and no telco service. Th
Re:Why do we even need VoIP though? (Score:2)
Can you name one of those things? I have been 100% cellular for the past 4 years, since I left college. In that time, I have:
-gotten a job
-gotten credit cards - visa, amex, discover
-moved to a different state
-opened a checking account at BoA
-received a new drivers license
-purchased a car
-purchased insurance
-purchased a house
-connected the various water/power/gas
Re:Why do we even need VoIP though? (Score:2)
I go back and forth about having a landline, but I only ever give out my cell. When I have a landline, the number forwards to my landline when the cell is off. When I don't, I leave the cell on all the time.
In my experience, if you just give your cell phone number like you would give your home number on application
Re:Why do we even need VoIP though? (Score:2)
Sometimes they ask if I have a home phone, to which I reply "no" and that hasn't ever been a problem.
Re:Why do we even need VoIP though? (Score:2)
(1) What does VoIP offer to telecommunications providers?
(2) What does VoIP offer to end users?
The answer to (1) is basically that it's cheaper to run one network than two. With VoIP (or VoATM or any voice-over-packet technology), companies that want to offer both voice and data service really only need the network intrastructure for the data service. The amount of data transmitted on commercial networks surpassed the amount of voice transmitted in the l
It's not security, it's quality (Score:5, Interesting)
And with the cost of long distance nowadays, why would you want to drive the cost of your Internet access up by overloading the network with traffic that is doing perfectly well on it's current medium? I guess it comes back to the question of 'What are you trying to fix anyway?'
Re:It's not security, it's quality (Score:2)
What brand of phone do you use? I have heard that earlier Cisco phones weren't so great.
Re:It's not security, it's quality (Score:2)
Re:It's not security, it's quality (Score:2)
PSTN Security ? (Score:3, Informative)
If you want VoIP over the Internet, you defintly need to care about security.
Then again if an operator wants to do this over the internet, there are alot other things than security to think of
as well,(e.g how goddamn unreliable the internet can be.. packet loss, long unpredictable delays , etc.)
Now, many are already doing VoIP, but at a complete diffrent layer.
They replace their internal core switching network with IP networks.
Networks ofcourse nowhere near the internet, only as their internal bearer of signalling and in some cases the voice
as well.
Readers can go through the RFCs for the Sigtran stack for more info. Some are considering SIP/SIP-T as well.
The issue they face are not security, but maturity. Protocols and implementations are not that ready.
In this scenario noone talks about security, its the same as in the "old" telco network, phyisically security.
Which btw. isn't that secure. I can very well dig up an 2mbit SS7 cable, hook e.g. our SS7
simulator(www.utelsystems.com) onto it, and call for free, or cause lots of trouble for the switches..
A pet peeve: unencrypted cordless phones (Score:4, Interesting)
Digital Spread Spectrum phones provide a reasonable amount of security, certainly orders of magnitude better than 'regular' cordless phones. DSS phones have been around for years, but for the sake of a few bucks and a lack of product knowledge, way too many people buy the $49.99 special at Walmart.
One of these day's I should buy or modify something to pickup analog signals so that I can scare/shock my friends/relatives/customers into buying better phones...
Re:A pet peeve: unencrypted cordless phones (Score:2)
Why?
Frankly, my conversations are too boring for anyone to care, and if they really wanted to listen in, they'd go into my backyard with a little battery powered radio transmitter and install it onto the telephone patch panel outside.
That being said, most of my conversations are on my desk phone, but that's more out of convinience then security concern.
Do I give out my credit card over the phone? I can't remembe
But...why ? (Score:3, Interesting)
OK, within an organisaion it makes sense if you have CAT 5 going to everyone's office already, and you have assured bandwidth in your network infrastructure, it can, and does, work. But over the Internet ? Forget it.
ATM is such a good networking medium for the phone. It was designed to allow QoS and pacing, and is therefore perfect at multiplexing audio and video. That's why the packets all hold 48 bytes!
IP was NOT! When you've got VoIP, the web, Real, P2P, pr0n etc etc etc all competing for the same bandwidth, you really start to see why telephones have no business on the internet.
The only reason there is a national/international VoIP industry is cost. If VoIP really does become a serious threat to telephone companies, all they need to do is drop the cost (for a while) and the VoIP businesses drown.
Security ? Whoever wrote that article clearly doesn't understand what telephone networks are.
Not lack of security (Score:5, Insightful)
Pricing People think that VoIP is cheap compared to normal telephony. Average people spend around USD 200 per year on land line telephony. While VoIP might seam "free" you still have to pay around USD 300 for an ADSL connection.
Device type While it is technically feasible to install a VoIP client on a PC, it is not exactly the ideal device for a telephone. Also - remember that people usually have several phones in the house. To overcome this you would need VoIP "telephones" which look like a normal telephone. These are reletive expensive compared to normal phones, and requires a dedicated power supply.
Incoming calls In order to receive incoming calls you need to have you VoIP device turned on all the time and connected to the Internet.
Availability A normal landline telephone is usually available 99.98 % of the time. If your ADSL reaches 99.7% you should consider yourself lucky. Furthermore normal phones work during power outages. In some countries this is a regulatory requirement for emergency services.
Billing It would be nice if it was possible to make "free" VoIP calls. In most of the world however, it is the calling party who pays for the call. This means that a VoIP call terminated at a Spanish GSM phone will be charged backwards: The spanish GSM operator charges the VoIP "operator" for "terminating" the call, and the VoIP operator subsequently charges the VoIP "customer". The world has more than 1 billion GSM subscribers. In order to be able to call these you need the billing infrastructure in place even for VoIP. This requirement makes VoIP just as expensive to produce as traditional telephony.
Only a land line solution The world is moving voice calls to mobile phones. So far it has not been shown that VoIP is technically or economically feasible on mobile phones?
Quality It is pretty hard to beat the delay characteristics of a normal landline phone! VoIP has severe delay problems on thin access lines such as ADSL. Usually OK for 2Mb/s and up.
After all VoIP is only a matter of changing layer 3 and 4 in the protocol stack. Why would end customers care?
The places where VoIP is used today it is mostly invisible to the end-user: It is used as a cost cutting technology by a large number of long distance carriers. The service however is sold as normal "high quality" telephony. It is also used in a corporate setting for branch-to-branch calls as well as for PABX replacements. VoIP also makes a lot of sense sense as computer-telephony-integration in call centers.
The next majer breakthrough for VoIP will be VoADSL. VoIP all the way to the customer premises. The interface to the customer however will be a normal POTS jack, full customer service and the associated billing!
Re:Not lack of security (Score:5, Insightful)
Pricing People think that VoIP is cheap compared to normal telephony. Average people spend around USD 200 per year on land line telephony. While VoIP might seam "free" you still have to pay around USD 300 for an ADSL connection.
If you are only getting a high speed internet connection to use VoIP, you deserve to part with your money. All of the people I know that use VoIP are doing so to avoid ugly long distance bills, if all you use the phone for is local calls to order pizza you really dont need VoIP.
Device type While it is technically feasible to install a VoIP client on a PC, it is not exactly the ideal device for a telephone. Also - remember that people usually have several phones in the house. To overcome this you would need VoIP "telephones" which look like a normal telephone. These are reletive expensive compared to normal phones, and requires a dedicated power supply.
Odd, sitting under my monitor stand and on top of a 5 port switch is this little box that I plug into my switch that I can plug any phone I want to into. Granted crappy phones do not work well, but I DO NOT need a special phone. Some people have actually piped the RJ11 out of their ATA186 into the house line effectively feeding the entire house.
Incoming calls In order to receive incoming calls you need to have you VoIP device turned on all the time and connected to the Internet.
See above.
Billing It would be nice if it was possible to make "free" VoIP calls. In most of the world however, it is the calling party who pays for the call. This means that a VoIP call terminated at a Spanish GSM phone will be charged backwards: The spanish GSM operator charges the VoIP "operator" for "terminating" the call, and the VoIP operator subsequently charges the VoIP "customer". The world has more than 1 billion GSM subscribers. In order to be able to call these you need the billing infrastructure in place even for VoIP. This requirement makes VoIP just as expensive to produce as traditional telephony.
Please follow the links provided in the original Story to the VoIP providers, this is not about using some free software you found on Freshmeat to talk to your friends.
Quality It is pretty hard to beat the delay characteristics of a normal landline phone! VoIP has severe delay problems on thin access lines such as ADSL. Usually OK for 2Mb/s and up.
I can not vouch for other providers, but on Vonage as long as you have ~95k up and no packet loss the quality is fine.
The next majer breakthrough for VoIP will be VoADSL. VoIP all the way to the customer premises. The interface to the customer however will be a normal POTS jack, full customer service and the associated billing!
Again I can not vouch for other providers, but Vonage provides online realtime usage stats, access to your voicemail from any web browser and you can actually call customer service and talk to a human when you have problems.
Sorry if I come of like a ass, but I have seen this same basic comment every time there is a VoIP story on slashdot and most of it is not true.
I have had Vonage service for roughly 2 years and the only time the quality sucked was when I was on Adelphia cable. I switched to DSL and it was fine, I am currently on Comcast/Attbi cable and it is fine.
Re:Not lack of security (Score:2)
If you are only getting a high speed internet connection to use VoIP, you deserve to part with your money. All of the people I know that use VoIP are doing so to avoid ugly long distance bills, if all you use the phone for is local calls to order pizza you really dont need VoIP.
I
Re:Not lack of security (Score:2)
It's a device from Pairgain, and looks to be NEMA rated and such. It is line-powered at something obscene like 300 volts. I recall that it says something about xDSL on one of its brightly-colored warning labels.
One pair goes into this box from the utility pole; three (loop start POTS) pairs emerge.
It works great. I've got a very little idea what the back-end consists of. AFAIK, the whole kit was supp
The DIFFERENCE is: Script Kiddies (Score:2, Informative)
VoIP is (relatively) easily available to any computer-- it uses standard protocols and is intended to travel via networks which are physically publically available during at least some portions of a phone call's life. The access issues are those of any network crack. Exploits can be expected to be passed around thru the saddo script-kiddy-krackers as soon as discovered.
And as regards encryption -- no encr
less security than what? causing what problem? (Score:5, Insightful)
First of all, if VOIP is supposed to be less secure, what is it less secure than? Less secure than telco service? That doesn't really make sense, because essentially all the people who I call and who call me have telco service. There's no such thing as a 'VOIP call' or a 'telco call.' If you stay with the telco because you think it's more secure, and then you call me, guess what -- your call went through my VOIP provider, so you're not any more secure. Likewise if I got a VOIP box that did encryption on the voice data, it still wouldn't guarantee my security if the person I was calling was using an unencrypted wireless connection on their end. And BTW, even if you're a telco customer calling another telco customer, many of your calls probably go through the internet on part of their journey.
It's also not clear to me what real problems they're claiming the lack of security would cause. The beginning of the article seems to imply that the threat is unreliability due to attacks by hackers. Well, that just isn't the real reliability issue faced by actual VOIP users. The only real reliability issue I've encountered is that when my cable modem service isn't working, my phone stops working. (But so far it's always cured the problem if I just power cycle the cable modem.) It's also worth noting that one of the main reasons we switched from telco to VOIP was the poor reliability of the telco service. We went through a period of about two weeks recently where there were telco guys working continuously all up and down the street, all our neighbors had no telco service (or patchy telco service), and we were the only ones on the block who could actually make a phone call. According to the telco worker I talked to (the big green box is right in front of my house), the issue is just that the equipment is getting really old.
They also seem to imply that there's some sort of a threat of identity theft, or that someone may steal your service. Well frankly, I'm taking a bigger risk every time I let a waiter in a restaurant see my credit card number.
Security (Score:3, Interesting)
Reliability is the key. PSTN are not more secure except for the fact that is controlled by a few and has limited application besides voice (your fax machine is not going to contract a virus that will in turn disrupt communications for everyone).
VoIP is feasible, but not over plain old internet, and it doesn't have to be. There are several telcos that use IP on their voice backbone, on a network isolated from the internet.
Imagine the slashdot effect taking down not only your company's webserver, but your phone lines as well...
911 (Score:3, Funny)
Re:911 (Score:2, Funny)
Another article on this subject... (Score:4, Informative)
Converged Security (Score:5, Informative)
Lets start by looking at the wire protocols. We have two separate domains within which VoIP operates: Signaling, which determines where a call should route, and traffic, which is the actual stream of speech that needs to arrive at its destination in under a tenth of a second. These are very different protocols. Signaling was originally implemented using H.323, which can be basically thought of as a port of the existing telephony protocols (SS7) to IP.
H.323 is...well...not entertaining to work with. It's a very messy protocol. To a first level of approximation, H.323 is being reimplemented with SIP, which applies the semantics of HTTP to VoIP signaling. SIP is still complicated, but in a more manageable way.
Whether one is using H.323 or SIP to route calls, the actual traffic is moved over a relatively simple protocol entitled RTP. RTP basically involves chunking compressed audio into small packets, attaching a timestamp and a codec identifier, and throwing the packet at the appropriate host. UDP Port selection is managed dynamically by whatever signaling protocol is being used, meaning a firewall either needs to open the entire range of ports that VoIP might use (not small) or it needs to directly parse the signaling traffic to determine what ports to open.
Remember how both SIP and H.323 are both very complex protocols? Add in that complex protocols can hide many security vulnerabilities, and put that complexity in the firewall: Mistakes are made. (That's not theoretical -- a recent mass audit of H.323 exposed holes not merely in VoIP endpoints, but VoIP-aware firewalls. Microsoft, who actually has a pretty impressive firewall solution, was hit pretty bad.)
It's now that we can start discussing the differences between Enterprise VoIP and the kind of PSTN-Bridge VoIP that Vonage sells. Phones in enterprises receive connections from every other potential phone -- in other words, there's generally no central proxy that copies all the traffic towards where it needs to be. In the enterprise world, there's relatively few firewalls inside the corporate network, those that are deployed can be made VoIP aware, and the "central gatekeepers" really only manage directory services (go to this IP for this extension), conference-call mixing, and in the Avaya case, encryption keys.
You don't have that situation in the public realm. Firewalls -- which are everywhere, as deployed through NAT -- simply won't accept incoming connections from hosts that a backend client wasn't communicating with in the first place. But that's almost OK, because the only host a Vonage box needs to communicate with is Vonage itself. So if you actually examine the Motorola device that Vonage is presently deploying, you'll see that it itself accepts almost no incoming connectivity of any form that doesn't appear to come from Vonage itself (just DHCP and ARP, basically). The public providers basically proxy all traffic, because they have to: Nodes on the public PSTN network (normal phone lines) can't be told to just send IP packets at the Motorola device. So the proxying is basically mandatory.
It's ironic that, at least at the moment, PSTN integration carries with it an architecture that's infinitely more wiretap-friendly than what VoIP could eventually become. Tapping a complex mesh where any node often communicates with every other node is difficult-to-impossible to do, at least with any form of reliability. Create a finite number of junction points that must be passed through in order for connectivity to be established, however, and tapping becomes feasible.
AOL Instant Messenger is the most interesting va
Two things holding it back. (Score:2, Insightful)
Why do I need another phone? I get excellent coverage and my calling plan is flexible.
2) Crappy ISP's
I would not be willing to deal with the latency/bandwidth issues. Until you have QoS from point A to point B, VOIP will be an annoyance.
What we need (Score:3, Funny)
Security is not the big problem... (Score:4, Insightful)
How secure are landlines... (Score:3, Interesting)
And there are always stories of people finding unexplained telephone calls billed to their account, only to find out someone else had jacked a patch cable to their line on an outside wall.
I'd Say Incompetence Is Holding It Back (Score:4, Informative)
It's been a disaster. Phones cut people off, the wrong people get transferred calls, weird noise on the phone line.
I'm waiting for the whole system to go dead any day now.
One of the IT guys who helped install it keeps an analog phone in his office just in case.
At least the fax phone line in Registration is still analog.
I read a Cringely report in InfoWorld where a company had VoIP and when it prevented customers from calling them, they didn't know it until the voicemail overflowed - and then they couldn't call support - because the phone didn't work.
VoIP - nice concept - bad execution.
Re:I'd Say Incompetence Is Holding It Back (Score:2)
unlimited bs (Score:2)
well. sucks to be you then. perhaps if you stopped using weasel-words like "unlimited" when you mean "we have a very definite upper limit"? or perhaps a corporate lie-monger like ravi here would enjoy an unlimited prison term in which to ponder the sleaze inherent in misrepresentation of the