RE: Securing VOIP?

From: Shawn Duffy (sduffy@xecu.net)
Date: 10/16/01


From: "Shawn Duffy" <sduffy@xecu.net>
To: <reberc@post.ch>
Subject: RE: Securing VOIP?
Date: Mon, 15 Oct 2001 19:18:26 -0400
Message-ID: <00b501c155cf$b1787fa0$415e050a@D9741Q01>

Your provider is correct. PRI is a switched service provided by HIS/HER
side. The only way that data (we are talking about Internet traffic
from the provider's side) can get through is by the provider allowing it.

My guess is he is providing you B channels directly from the provider's
own PBX. This means that he is hooking you up to PHONE services only.
I bet he hasn't thought of you using the channel to dial into an analog
modem... Even so, the issue would be with the terminating modem on your
end.
More likely you are running a digital service and cannot hook an analog
modem to your phone set.

Clear as mud now?
Hope this did help.

--
Shawn Duffy, CISSP
 
 

-----Original Message-----
From: reberc@post.ch [mailto:reberc@post.ch]
Sent: Monday, October 15, 2001 11:13 AM
To: pen-test@securityfocus.com
Subject: Securing VOIP?

Hi

I have to review our concept for implementing VOIP. I have to make sure that all security issues are covered. If anybody could give me some help on this question:

Our provider says that we need no firewall for VOIP because our Voice Gateway receives only PRI requests/transfers. He says that it is possible to restrict the Voice Gateway for only PRI-Traffic and that it is impossible to bring data along with PRI. The PRI is always converted to voice. Now I have seen that you can send Voice, Video and Data on PRI. Is it really necessary to have a Firewall between our CallManager and Voice Gateway or can I trust the provider and be sure that nothing else (IP-Transfers) is coming over this line?

Many thanks in advance!

Claudia Reber
IT-Security Officer

Die Schweizerische Post
Information Technology Services
IT5 IT-Security
Webergutstrasse 12
CH-3030 Bern (Zollikofen)

Tel: ++41 (0)31 338 16 44
Mobile: ++41 (0)79 211 01 48
Fax: ++41 (0)31 338 74 92
e-Mail mailto:reberc@post.ch

visit our homepage:
http://pww.post.ch/oe/IP/corp//index.htm (internal)
http://www.post.ch (external)

There was a belief that it was going to be easy. They were wrong!

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
