Blue Box: The VoIP Security Podcast

Synopsis: Tutorial on SPam over Internet Telephony (SPIT), discussion around Microsoft and Cisco's competing network security proposals (NAC vs NAP), VoIP security news and much more

Welcome to Blue Box: The VoIP Security Podcast show #18, a 36-minute podcast  from Dan York and Jonathan Zar around news and commentary in the world of VoIP security.  This show features a mini-tutorial on SPam over Internet Telephony (SPIT) and includes a guest commentary from Rick Robinson. The show also includes a brief discussion of the different competing architectures put forward by Microsoft and Cisco for controlling access to the network.  The show also features the usual news and comments from listeners.

Download the show here (MP3, 33MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to [email protected].  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners.  Mention of Frappr map for the show.  Please join the map!
• 03:20 - A note about the dates we put at the beginning of shows
• 04:10 - Burton Group/Cisco webinar  – recording available  (but you seem to have to have been already set up with Interwise’s software)
• 05:07 - TMC.Net: Patton Electronics: New SmartNode VoIP More Secure
• 05:31 -SANS/Nortel webcast on Wednesday about VoIP security  (someone from TippingPoint in there as well)
• 06:08 - If you like this podcast, you may also like Steve Gibson's "SecurityNow" podcasts, and in particular these:
  • How the Internet Works, Part 1
  • How the Internet Works, Part 2
  • How Local Area Networks Work, Part 1
• 08:39 - Upcoming conferences - anyone interested in reporting from Berlin?  (Who will already be there)
• 09:32 - Introduction into our tutorial on SPam for Internet Telephony, aka "SPIT".
• 10:33 - Commentary on SPIT by Rick Robinson
• 14:07 - Further discussion and examples of SPIT
• 21:19 - Discussion on different competing architectures from Microsoft and Cisco related to network access, primarily building on this Network World article: Microsoft, Cisco, not in sync on security
• 27:04 - Comments - Vash-media: security podcasts
• 28:54 - Review of the last week's traffic on the VOIPSEC public mailing list. Large amount of interesting traffic on topics including:
  
  • Using VoIP over SSL VPNs
  • tunnelling all traffic over IPSEC versus separately encrypting signalling and media
  • which vendors are really using SRTP in their phones
  • using softphones with TLS and OpenSER
• 31:07 - Note that all Emerging Telephony shows have now been posted
• 31:24 - Question for the audience: we have been approached about more formally tying the show to the VoIP Security Alliance (VOIPSA)? Is this a good thing?  bad thing? does anyone care?
• 33:11 - Looking for some folks interested in coming on the show to debate whether or not you should firewall off IP-PBXs from the internal network - interested in joining the PRO or CON side of the debate?  Email us and let us know.
• 34:45 - Wrap-up, info about how to leave comments, upcoming shows, etc.
• 35:57 - End of show

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to [email protected].  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

Thank you for listening and please do let us know what you think of the show.