This week’s Computerworld has an interesting article on VoIP security.
The article states: “NIST made nine recommendations for implementing VoIP in a secure manner. For example, the report calls for IT managers to build logically separate voice and data networks. Another recommendation is that “if practical,” PC-based VoIP softphones shouldn’t be used in deployments in which either security or data privacy is a priority.”
No not to nitpick here, but are any of your “traditional” voice networks secure or hardened? How many locations have junction boxes on the outside of the building within easy reach? How is it easier to crack an WEP encrypted cordless VoIP call that to pick up an unencrypted corldless phone – our baby monitor used to pick up a couple of my neighbor’s when we live in apartments! Now that I think of it, all of my neighbors’ phone lines ran through my basement in that same apartment.
I think it is excellent that someone’s thinking about these issues. It’s probably applicable for the FBI, but not for your average Joe reading Computerworld. I know my current phone system doesn’t have nearly the security levels they talk about in the 99 page report. So let’s keep it all in perspective, OK?