
RE: VoIP security

Subject: RE: VoIP security
Date: Sun, 24 Apr 2005 01:02:53 -0700
Check with Juniper NetScreen security gateways. They do support IPsec tunneling for VoIP.
Anil


From: "Drumm, Daniel" <dgdrumm@bf.umich.edu>
To: "Joshua Berry" <jberry@PENSON.COM>,"Seth Art" <sethart@gmail.com>, <security-basics@securityfocus.com>
Subject: RE: VoIP security
Date: Thu, 21 Apr 2005 12:53:39 -0400


I would suggest joining the VoIP security list and learning about what's
happening with Secure RTP and other initiatives. Cisco phones can make
use of certificates, there is IPSEC encapsulation at route edges by
providers, there is MPLS Security, a whole gamut of things going on.

http://voipsa.org/mailman/listinfo/voipsec_voipsa.org

Vomit can decode calls from a Cisco phone, provided the encapsulation is
G.711. It doesn't handle other codecs, or at least it didn't a few
months ago. The answer to most of these types of issues is SRTP, although
there are other initiatives going on as well.

-----Original Message-----
From: Joshua Berry [mailto:jberry@PENSON.COM]
Sent: Thursday, April 21, 2005 9:35 AM
To: Seth Art; security-basics@securityfocus.com
Subject: RE: VoIP security

There are programs out there capable of replaying VoIP sessions:

Vomit:
http://vomit.xtdnet.nl/
The vomit utility converts a Cisco IP phone conversation into a wave
file that can be played with ordinary sound players. Vomit requires a
tcpdump output file. Vomit is not a VoIP sniffer also it could be but
the naming is probably related to H.323.

I haven't found any others but it is definitely possible.  VoIP travels
over IP and therefore can be encrypted through IPSec tunnels or other
means but I doubt most ISPs are doing that right now.

-----Original Message-----
From: Seth Art [mailto:sethart@gmail.com]
Sent: Wednesday, April 20, 2005 8:52 AM
To: security-basics@securityfocus.com
Subject: VoIP security

My coworker had an interesting question.  She had to validate her credit
card number over the phone using her social and other sensitive
information.  She has a VoIP router from her ISP.  The question: Are
the VoIP packets encrypted as they go across the wire?   Or can
someone sniffing in the right place capture all of that sensitive VoIP
traffic and reassemble her CC# and SS# from the tones? Is this something
that might be an issue in the future or is there already an answer out
there?

-Seth
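
Added example (not written by any poster in this thread): a small Python audit that reads the SDP body of a call setup and reports which media streams were negotiated as plain RTP carrying G.711 and which were negotiated as SRTP, the distinction the replies above turn on. The sample SDP, its addresses and the function name `audit_sdp` are constructed for illustration.

```python
# Added example: flag media streams in an SDP body that are not negotiated as SRTP.
SECURE_PROFILES = {"RTP/SAVP", "RTP/SAVPF", "UDP/TLS/RTP/SAVP", "UDP/TLS/RTP/SAVPF"}
G711_STATIC_PT = {"0": "PCMU", "8": "PCMA"}  # static payload types from RFC 3551

# Constructed sample: one plain RTP G.711 stream and one SRTP stream (SDES keying).
SAMPLE_SDP = """\
v=0
o=- 1 1 IN IP4 192.0.2.10
s=constructed-call
c=IN IP4 192.0.2.10
t=0 0
m=audio 49170 RTP/AVP 0 8
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
m=audio 49172 RTP/SAVP 0
a=rtpmap:0 PCMU/8000
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:PLACEHOLDER_KEY_MATERIAL
"""

def audit_sdp(sdp):
    """Return one finding per m= line: profile, G.711 codecs offered, SRTP status."""
    streams, session_keying = [], False
    for raw in sdp.splitlines():
        line = raw.strip()
        if line.startswith("m="):
            fields = line[2:].split()
            if len(fields) < 4:
                continue  # malformed media line, nothing to audit
            streams.append({
                "media": fields[0],
                "port": int(fields[1].split("/")[0]),
                "profile": fields[2],
                "g711": [G711_STATIC_PT[f] for f in fields[3:] if f in G711_STATIC_PT],
                "keying": session_keying,
            })
        elif line.startswith(("a=crypto:", "a=fingerprint:")):
            if streams:
                streams[-1]["keying"] = True   # media-level keying attribute
            else:
                session_keying = True          # session-level, applies to every stream
    for s in streams:
        # Encrypted only if the profile is an SRTP profile AND keying was offered.
        s["encrypted"] = s["profile"] in SECURE_PROFILES and s["keying"]
    return streams

if __name__ == "__main__":
    for s in audit_sdp(SAMPLE_SDP):
        status = "SRTP" if s["encrypted"] else "CLEARTEXT RTP"
        print(f'{s["media"]} port {s["port"]} {s["profile"]}: {status}, G.711={s["g711"]}')
```

This checks only what the signalling negotiated; a stream tunnelled through IPsec would still show as `RTP/AVP` here while being protected at the network layer.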

