You should probably also consider the risks of sniffing as this tools shows: http://vomit.xtdnet.nl/ The vomit utility converts a Cisco IP phone conversation into a wave file that can be played with ordinary sound players. The phone conversation can either be played directly from the network or from a tcpdump output file. Vomit is also capable of inserting wavefiles into ongoing telephone conversations. Vomit can be used as a network debugging tool, a speaker phone, etc ... http://vomit.xtdnet.nl/ On 15-Oct-2001, rebercat_private wrote: > Hi > > I have to review our concept for implementing VOIP. I have to make sure, that all security issues are covered. If anybody could give me some help on this question: > > Our provider says, that we need no firewall for VOIP because our Voice Gateway receives only PRI requests/transfers. He says that it is possible to restrict the Voice Gateway for only PRI-Traffic and that it is impossible to bring data along with PRI. The PRI is always converted to voice. Now I have seen, that you can send Voice, Video and Data on PRI. Is it really necessary to have an Firewall between our CallManager and Voice Gateway or can I trust the provider and be sure, that nothing else (IP-Transfers) is coming over this line? > > Many thanks in advance! > > Claudia Reber > IT-Security Officer > > Die Schweizerische Post > Information Technology Services > IT5 IT-Security > Webergutstrasse 12 > CH-3030 Bern (Zollikofen) > > Tel: ++41 (0)31 338 16 44 > Handy: ++41 (0)79 211 01 48 > Fax: ++41 (0)31 338 74 92 > > e-Mail mailto:rebercat_private > > > > visit our homepage: > > http://pww.post.ch/oe/IP/corp//index.htm (intern) > > http://www.post.ch (extern) > > > > > There was a belief that it was going to be easy. They were wrong! > > > ---------------------------------------------------------------------------- > This list is provided by the SecurityFocus Security Intelligence Alert (SIA) > Service. For more information on SecurityFocus' SIA service which > automatically alerts you to the latest security vulnerabilities please see: > https://alerts.securityfocus.com/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Mon Oct 15 2001 - 21:31:58 PDT