Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Thoughts on VoIP, Holiday recommended reading - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Thoughts on VoIP, Holiday recommended reading
Well, it was a very quiet Sunday. I guess all the miscreants were out Christmas shopping or something. Oh, well. That gives me opportunities for rumination (as if I needed an excuse).



Thoughts on VoIP

One of the hottest technologies out there today is voice-over-IP or VoIP. It seems like everyone is trying to get in on the act. At this point, I should probably include the disclaimer that my current employer is one of those players, though I have nothing to do with that part of the company. The idea is to use the broadband internet connections (cable or DSL) that are so prevalent today to carry telephone traffic for consumers. Now it should be noted, that a lot of voice traffic is carried over the internet already, but that isn't the point of my discussion today. VoIP has actually been around for a number of years, but only in the last year or two has the quality improved to the point where it is, in my opinion, ready for "prime time" and the evidence can be seen by the some of the major telecoms getting in on the act. Okay, I didn't join the '90s and get my own domain until 2002, but I hopped on the VoIP bandwagon this weekend. As a security guy, I'm concerned with what weaknesses are going to be found in the protocols used for VoIP and what attacks we're going to see against those adapters in the next year or two. There are already folks working on technologies to combat spam over internet telephony (SPIT). I hope they get here quickly. Some of the vendors recommend that the adapter be placed between the cable modem and the router/firewall. I assume this recommendation is for quality of service (QoS) reasons, so the adapter can give priority to voice traffic over, say, web browsing (we wouldn't want our shopping on E-bay to cause our phone conversation to break up), but the thought of any device on my connection outside my firewall makes me very uncomfortable. Fortunately, we're starting to see the adapter integrated into the router (and, in some cases, wireless access point). We'll just have to wait and see what is going to happen here. 2005 should be an interesting year.



Holiday recommended reading list

Here are a few of my favorite books if you are looking for some reading material over the holidays.



_The Tao of Network Security Monitoring_ by Richard Bejtlich

The entire _Hacking Exposed_ series. I'm just beginning what I believe is the latest in the series (at least I just noticed it), on computer forensics.

_Malware: Fighting Malicious Code_ by our own Ed Skoudis (with our own Lenny Zeltser) :)

_Know Your Enemy_ by the Honeynet Project

_Incident Response & Computer Forensics_ by Mandia, Prosise, and Pepe



Final thoughts

In my last diary entry, I asked for thoughts on conferences, books or websites that our readers liked for keeping up with current research. I only got one response on a conference and a few responses of web sites that people watch for daily news, but none that pointed me to current research, but that's okay, I continue to look. I will summarize in my next diary entry. Since this is likely my last diary entry of the year, I'll take this opportunity to wish all our readers happy holidays.



----------------------------------

Jim Clausing, jclausing at isc dot sans dot orgI will be teaching next: Malware Reverse-Engineering Challenge - SANS Northern VA Fall- Reston 2019

Jim

407 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!