Securing VOIP?

From: reberc@post.ch
Date: 10/15/01


Message-ID: <A3EB2C9C9897D411AE890000F831192E0123097C@hcwe74.post.ch>
From: reberc@post.ch
To: pen-test@securityfocus.com
Subject: Securing VOIP?
Date: Mon, 15 Oct 2001 17:12:30 +0200

Hi

I have to review our concept for implementing VOIP. I have to make sure, that all security issues are covered. If anybody could give me some help on this question:

Our provider says, that we need no firewall for VOIP because our Voice Gateway receives only PRI requests/transfers. He says that it is possible to restrict the Voice Gateway for only PRI-Traffic and that it is impossible to bring data along with PRI. The PRI is always converted to voice. Now I have seen, that you can send Voice, Video and Data on PRI. Is it really necessary to have an Firewall between our CallManager and Voice Gateway or can I trust the provider and be sure, that nothing else (IP-Transfers) is coming over this line?

Many thanks in advance!

Claudia Reber
IT-Security Officer

Die Schweizerische Post
Information Technology Services
IT5 IT-Security
Webergutstrasse 12
CH-3030 Bern (Zollikofen)

Tel: ++41 (0)31 338 16 44
Handy: ++41 (0)79 211 01 48
Fax: ++41 (0)31 338 74 92
> e-Mail mailto:reberc@post.ch
>
> visit our homepage:
> http://pww.post.ch/oe/IP/corp//index.htm (intern)
> http://www.post.ch (extern)
>
>
There was a belief that it was going to be easy. They were wrong!

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/