RE: VoIP security

From: David (david_at_clicksee.net)
Date: 04/21/05

  • Next message: Alexandre Zglav: "Re: VNC Security"
    To: "'Seth Art'" <sethart@gmail.com>, <security-basics@securityfocus.com>
    Date: Thu, 21 Apr 2005 09:14:29 +0700
    
    

    This article addresses your questions pretty specifically:

    As with traditional telephony, eavesdropping is a concern for
    organizations using VOIP-and the consequences can be greater, says
    Charlie Rabie, a vice president at Aspect Communications Corp. in San
    Jose. Aspect is a provider of software and services for implementing
    VOIP, traditional telephony and other communication services.

    Because voice travels in packets over the data network, hackers can use
    data-sniffing and other hacking tools to identify, modify, store and
    play back voice traffic traversing the network, Kemmerer says.

    A hacker breaking into a VOIP data stream has access to a lot more calls
    than he would with traditional telephone tapping. As a result, "one of
    the big differences is that a hacker has a much higher probability of
    getting intelligent information" from tapping a VOIP data stream than
    from monitoring traditional phone systems, Rabie says.

    From:
    http://www.computerworld.com/securitytopics/security/story/0,10801,74840
    ,00.html

    -----Original Message-----
    From: Seth Art [mailto:sethart@gmail.com]
    Sent: Wednesday, April 20, 2005 8:52 PM
    To: security-basics@securityfocus.com
    Subject: VoIP security

    My coworker had an interesting question. She had to validate her
    credit card number over the phone using her social and other sensitive
    information. She has a VoIP router from her ISP. The question: Are
    the VoIP packets encrypted as they go across the wire? Or can
    someone sniffing in the right place capture all of that sensitive VoIP
    traffic and reassemble her CC# and SS# from the tones? Is this
    somethign that might be an issue in the future or is there already an
    answer out there?

    -Seth


  • Next message: Alexandre Zglav: "Re: VNC Security"