VOIP::Security
Security concerns with VOIP & SIP are discussed at:
http://www.eweek.com/article2/0,1759,1734367,00.asp
Response from a Cisco CCIE security engineer:
My opinion is that in the enterprise, voice spam will be no worse or better than
data spam. With our solution, all spam (either voice or traditional email) will be
filtered or stored based on administrative storage policies on the email message
stores. I think the bigger problem will be with SIP phones and Internet Telephony
to the home, where there are NO corporate policies in place to control the amount
or type of email that gets sent to the home email user.
In regards to the other issues, in particular the DDoS attacks and other network
attacks, Cisco addresses those with our defense in depth approach to securing the
entire network infrastructure. The specific attack mitigation strategies and
deployment guidelines are detailed in the SAFE Whitepaper, SAFE: IP Telephony
Security in Depth. This whitepaper can be located at:
http://www.cisco.com/warp/public/cc/so/cuso/epso/sqfr/safip_wp.pdf
I'd also like to mention the Network World article regarding the voice security
testing of a Cisco IP Telephony infrastructure. By building a secured
network infrastructure, Cisco IP Telephony was the only IP Telephony system
to be rated "Secure" by Miercom, which provided the testing for the Network
World article. Details of the test can be located at:
http://www.nwfusion.com/reviews/2004/0524voipsecurity.html