Security & VOIP

Have to give a presentation on some of the choices for VOIP protocols that we may begin to use. I was wondering what your thoughts were concerning VOIP protocol security issues. I need some specifics however and it would help if you were actually working in the VOIP area and understand how VOIP works. Need this on the quick.
netmandoAsked:
Who is Participating?
 
TooKoolKrisCommented:
Well we are currently trying to come up with a VOIP solution ourselves for terminating multiple concurrent connections and then routing them into other LANs. Security for what we are doing is of some concern but not a lot due to the fact that we work with public data anyway. However I did do a little research in the area previously and from what I remember you really only have about 3 protocols to consider. H.323, SIP and MGCP. I would imagine you are either using H.323 or SIP as they are more popular. I would recommend H.323 to you if are more concerned with security, as it is the more comprehensive protocol. I’m pretty sure that H.323 can support authentication via IPSEC as well as provide for encryption. IMO you need to have a good level of encryption with your VOIP traffic because it’s protocols are easy to distinguish and therefore easily sniffed out by interceptors who can then reassemble the packets and sort of “tap the line” so to speak. Here are some links to some decent papers on the subject.

SANS Reading Room
 http://www.sans.org/rr/catindex.php?cat_id=64

Managing VOIP Solutions
http://www.concord.com/forms/createform.asp?formnum=508

Good VOIP Web Site
http://www.voiptimes.com/index.html

Have Fun
0
 
netmandoAuthor Commented:
Thanks TooKool, this is what I was looking for, good links and thanks for the quick reply.
0
 
TooKoolKrisCommented:
You're welcome
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.