On Nortel's VOIP Security blog, Stephen Varty of the company's R&D labs has a post explaining why eavesdropping on VOIP calls may not be as easy as you think.
On Nortel's VOIP Security blog, Stephen Varty of the company's R&D labs has a post explaining why eavesdropping on VOIP calls may not be as easy as you think.What it comes down to, according to Varty, is that if you're an attacker trying to capture packets traveling across a network, you may find it difficult to positon yourself in the middle of a conversation in such a way that all the packets you need to capture will, in fact, pass before you. Therefore, he suggests, if eavesdropping is to occur, its likelihood may well skew towards more of an insider attack--i.e.,somebody who has access to one of the endpoints of the conversation, before the signaling and media packets are all broken up to go their various ways across the network.
Varty recommends the following actions be implemented to reduce the risk:
port based network access control,
VLANs,
signalling encryption such as TLS for SIP, and where available,
media encryption such as SRTP.
I'd just add that, since right now most enterprise VOIP islands are connected via carrier leased lines or services like MPLS, eavesdropping shouldn't be an issue to a great degree. But if the Internet starts to be used more--say, if teleworking starts to balloon in response to gas prices--then more companies may look at encryption of both the signaling and the bearer traffic.
I'd just add that, since right now most enterprise VOIP islands are connected via carrier leased lines or services like MPLS, eavesdropping shouldn't be an issue to a great degree. But if the Internet starts to be used more--say, if teleworking starts to balloon in response to gas prices--then more companies may look at encryption of both the signaling and the bearer traffic.