Securing VOIP?

From: reberc@post.ch
Date: 10/15/01


Message-ID: <A3EB2C9C9897D411AE890000F831192E0123097C@hcwe74.post.ch>
From: reberc@post.ch
To: pen-test@securityfocus.com
Subject: Securing VOIP?
Date: Mon, 15 Oct 2001 17:12:30 +0200

Hi

I have to review our concept for implementing VOIP. I have to make sure, that all security issues are covered. If anybody could give me some help on this question:

Our provider says, that we need no firewall for VOIP because our Voice Gateway receives only PRI requests/transfers. He says that it is possible to restrict the Voice Gateway for only PRI-Traffic and that it is impossible to bring data along with PRI. The PRI is always converted to voice. Now I have seen, that you can send Voice, Video and Data on PRI. Is it really necessary to have an Firewall between our CallManager and Voice Gateway or can I trust the provider and be sure, that nothing else (IP-Transfers) is coming over this line?

Many thanks in advance!

Claudia Reber
IT-Security Officer

Die Schweizerische Post
Information Technology Services
IT5 IT-Security
Webergutstrasse 12
CH-3030 Bern (Zollikofen)

Tel: ++41 (0)31 338 16 44
Handy: ++41 (0)79 211 01 48
Fax: ++41 (0)31 338 74 92
> e-Mail mailto:reberc@post.ch
>
> visit our homepage:
> http://pww.post.ch/oe/IP/corp//index.htm (intern)
> http://www.post.ch (extern)
>
>
There was a belief that it was going to be easy. They were wrong!

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/



Relevant Pages

  • RE: SQL
    ... Subject: SQL ... >> This list is provided by the SecurityFocus Security ... For more information on SecurityFocus' SIA service which ... >This list is provided by the SecurityFocus Security Intelligence Alert ...
    (Pen-Test)
  • RE: Insurance
    ... property--data beign deemed "intangible" for the purposes of insurance. ... for physical security testing there are often 3rd parties ... For more information on SecurityFocus' SIA service which ... This list is provided by the SecurityFocus Security Intelligence Alert ...
    (Pen-Test)
  • RE: Pen-Testing Lotus Notes/Domino
    ... Subject: Pen-Testing Lotus Notes/Domino ... of document security. ... This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)
  • R: Pen-Testing help (Compaq Insight & htsearch)
    ... This web server happens to be in front of their ... This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)
  • Re: Application & Iplanet/Apache web server vulnerability and penetration testing
    ... I don't know what to do on the web servers other than delete example ... Any suggestions on iPlanet and Apache security? ... > This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)