Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Securing VOIP?

From: "Shawn Duffy" <sduffy () xecu net>
Date: Mon, 15 Oct 2001 19:18:26 -0400
Your provider is correct.  PRI is a switched service provided by HIS/HER
side.  The only way that data (we are talking about Internet traffic
from the providers side) can get through is by the provider allowing it.


My guess is he is providing you B channels directly from the provider's
own PBX.  This means that he is hooking you up to PHONE services only.
I bet he hasn't thought of you using the channel for dial into an analog
modem...  Even so, the issue would be with the terminating modem on your
end.
More likely you are running a digital service and cannot hook an analog
modem to your phone set.

Clear as mud now?
Hope this did help.

--
Shawn Duffy, CISSP
 
 


-----Original Message-----
From: reberc () post ch [mailto:reberc () post ch] 
Sent: Monday, October 15, 2001 11:13 AM
To: pen-test () securityfocus com
Subject: Securing VOIP?


Hi 

I have to review our concept for implementing VOIP. I have to make sure,
that all security issues are covered. If anybody could give me some help
on this question:

Our provider says, that we need no firewall for VOIP because our Voice
Gateway receives only PRI requests/transfers. He says that it is
possible to restrict the Voice Gateway for only PRI-Traffic and that it
is impossible to bring data along with PRI. The PRI is always converted
to voice. Now I have seen, that you can send Voice, Video and Data on
PRI. Is it really necessary to have an Firewall between our CallManager
and Voice Gateway or can I trust the provider and be sure, that nothing
else (IP-Transfers) is coming over this line? 

Many thanks in advance!

Claudia Reber
IT-Security Officer

Die Schweizerische Post
Information Technology Services
IT5 IT-Security
Webergutstrasse 12
CH-3030 Bern (Zollikofen)

Tel:    ++41 (0)31 338 16 44
Handy:  ++41 (0)79 211 01 48
Fax:    ++41 (0)31 338 74 92

e-Mail mailto:reberc () post ch

visit our homepage:
http://pww.post.ch/oe/IP/corp//index.htm (intern) http://www.post.ch 
(extern)



There was a belief that it was going to be easy. They were wrong!


------------------------------------------------------------------------
----
This list is provided by the SecurityFocus Security Intelligence Alert
(SIA) Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please
see: https://alerts.securityfocus.com/


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Previous By Date Next
Previous By Thread Next

Current thread: