We can’t put the genie back in the bottle, but it seems to me that the Voice over IP (VoIP) industry is in need of security training and improvements.
There’s been much noise over VoIP security lately, though not much of the what’s been voiced is new or innovative. Much of it just parrots old advice: segment the network traffic and install a VoIP firewall.
The fact that VoIP security discussions haven’t advanced much beyond what applies to ordinary networking is a sign that a lot of new education is needed.
Some think education alone is not enough. For example, Stephen Northcutt, Director of Training and Certification for the SANS Institute, thinks that the whole technology needs a major overhaul.
“If I had my way, I would have the creators of VoIP stop everything and redesign this with security in mind from the get-go.” Northcutt said in a recent interview.
IT professionals need to understand the nature of the VoIP traffic on their networks. VoIP is much more than just another real-time LAN application and securing it requires broader security methods.
Overver the coming weeks, Voxilla will take a close look at VoIP security with our upcoming three part series on VoIP confidentiality, integrity, and availability.
And, we’ve launched a Voxilla forum dedicated to VoIP Security issues in hopes of fostering positive discussions over these issues. Come and visit.