Identity, SPIT & VOMIT
So I am at an ISSA event and we were discussing VOIP as the Wild West and a pretty fragmented space. As I look at the maturity model of the Internet vs. VOIP, I see many similarities:
1. What is it?
2. Why should I use it?
3. This is great!
4. Did we just open Pandora's box? Again?
5. How do we control/secure it?
6. What's SPAM?
7. Why are there so many bad guys out there?
These are a few discussion points of the top of my head. Since this blog focuses on Identity management, let me take you down a specific path -
How do we apply identity to devices in such a way that we know that a call is originating from a corporate owned device?
How do we know that the origin and destination numbers are who they say they are?
Is that even important?
I see the VOIP space as having to grapple with all of the same issues and then some (political) with this. Think about it - voice architects, voice infrastructure, voice support is under fire. Mix in the fragmentation of the VOIP market, do you look at VOIP or not? Who does what now - IT folks or Voice folks? How do you work that out? It'll be the North vs. the South agian. Think vendors do a lot of finger pointing when the sh*t hits the fan? Try getting these camps together...
If yes, then what? How do you remove as much risk surrounding all of the stuff we worry about in the network/data world like man in the middle, replay, SPIT (Spam over Internet Telephony) and VOMIT (Very Often Misconfigured Internet Telephony).
mark.macauley AT gmail.com
1. What is it?
2. Why should I use it?
3. This is great!
4. Did we just open Pandora's box? Again?
5. How do we control/secure it?
6. What's SPAM?
7. Why are there so many bad guys out there?
These are a few discussion points of the top of my head. Since this blog focuses on Identity management, let me take you down a specific path -
How do we apply identity to devices in such a way that we know that a call is originating from a corporate owned device?
How do we know that the origin and destination numbers are who they say they are?
Is that even important?
I see the VOIP space as having to grapple with all of the same issues and then some (political) with this. Think about it - voice architects, voice infrastructure, voice support is under fire. Mix in the fragmentation of the VOIP market, do you look at VOIP or not? Who does what now - IT folks or Voice folks? How do you work that out? It'll be the North vs. the South agian. Think vendors do a lot of finger pointing when the sh*t hits the fan? Try getting these camps together...
If yes, then what? How do you remove as much risk surrounding all of the stuff we worry about in the network/data world like man in the middle, replay, SPIT (Spam over Internet Telephony) and VOMIT (Very Often Misconfigured Internet Telephony).
mark.macauley AT gmail.com
posted by Mark Mac Auley at 5/10/2006
Get My Identitystuff Newsletter
3 Comments:
i agree with the similarities:
1. What is it?
2. Why should I use it?
3. This is great!
4. Did we just open Pandora's box? Again?
5. How do we control/secure it?
6. What's SPAM?
7. Why are there so many bad guys out there?
for me its confusing at best
LongDistance-T1.com
Many people view VoIP has you stated, 'fragmented space' and raw like 'Wild West' where anything goes. By VoIP itself is being secured as I type in this blog. Like the internet, there will always be the bad guys to haunt and hinder technological success. But if the success is greater than the bad guys, success will see the shining light. In due time, VoIP will patch and fix its holes in order to help small businesses succeed.
billy
Nationwide VPN
VOIP security issues are largely network security issues: security architectures, separating dev/test from prod, network & systems management, IDS/IPS and logging, user admin, patching, change management, config management, incident management, backups, DR and all that jazz. Rather different to managing the average PABX appliance that just sits quietly in the corner minding its own business decade after decade. Best to ignore the voice part and simply consider security for the data IMNSHO.
Post a Comment
<< Home