Blue Box: The VoIP Security Podcast

Synopsis: Interview with Nick Frost from the Information Security Forum about his recent VoIP security report, news of upcoming shows, VoIP security news and much more

Welcome to Blue Box: The VoIP Security Podcast show #16, a 69-minute podcast  from Dan York and Jonathan Zar around news and commentary in the world of VoIP security.  This show features a 23-minute interview with Nick Frost from the Information Security Forum about his recent VoIP report. The show also includes brief segments from Irwin Lazar on an upcoming webcast, Carl Ford about VON and the usual news and comments from listeners.

Download the show here (MP3, 65MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to [email protected].  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners.  Mention of Frappr map for the show.  Please join the map! Also included mention of upcoming interviews:
  • Feb 20– Per Cederqvist of Ingate systems on to talk about ‘sdescriptions’ key exchange
  • Someone on security over packet cable systems
• 04:07 - News section - update on Cambridge/MIT CRN storied covered in show #15
• 04:51 - Shawn Merdinger has a new site for VoIP outages: http://voip-outage.blogspot.com/
• 05:11 - Paper: Using An E-Model Implementation to Evaluate
  Speech Quality in Voice over 802.11b Networks with VPN/IPSec  – Alexandre Passitoand team, Federal University of Amazonas, Brazil
• 06:12 - SIP Wiki: SIP Security and SPAM Prevention
• 06:54 - VON Online: Listening to VoIP Security  (Doug Mohney)
• 07:19 - Digital Connect: VoIP Group Answers the Call
• 07:43 - Bruce Stewart over at ETel blog points to Telecom Terms and Concepts which points to a Sean Walburg article

• 08:48 - Print version of SIP Magazine: article by Erik Lagerway, article on “SIP: Enabling the Hidden Potential of VoIP”, advertisement by http://www.pbxnsip.com/ “Of course your next PBX will be based on SIP. But will it be secure?”
• 10:03 - Jajah launches new phone service  (sent in by Shawn Merdinger). Additional coverage:
• ExtremeVoIP: VOIP Startup Isn’t Quite Spyware, But It’s Close
• SkypeJournal: Shall I connect you to Microsoft?
• Turn2VoIP
• PhoneAddict
• 14:13 - Upcoming VoIP conferences:
• June 1-2, DC, Workshop on VoIP security by Cybersecurity Industry Alliance and tekVizion – free to US gov, $195 for others
• June 1-2, Berlin, Third Annual VoIP Security Workshop
• 15:50 - News releases:
• NetIQ: NetIQ Unveils First Integrated Systems and Security Management Solution for VoIP
• Internet Telephony: Netrake Announces Revolutionary Fixed-Mobile Security Solution
• 17:28 - Feature interview with Nick Frost from the Information Security Forum about the report the ISF released about VoIP security back in December 2005 (and mentioned on show #8). Nick, who authored the ISF report, discussed a wide range of issues including:
  • background on the ISF and what it is
  • how an organization can become a member
  • why the report was created
  • major security conclusions out of the report
  • report methodology
  • surprising findings
  • major VoIP security concerns by ISF members
  It was an interesting interview and we thank Nick for coming on the show.
• 40:33 - End of interview
• 40:44 - Irwin Lazar on his his upcoming VoIP security webcast
• 43:03 - Comment section - Aswath on NAT
• 46:31 - Dean Elwood on secure SIP client
• 47:21 - Jake Opie on transcripts
• 48:72 - Gwynn Lewis on podcaststyle.com
• 49:33 - Preview of Spring VON 2006 with Carl Ford of Pulvermedia
• 61:50 Review of the last week's traffic on the VOIPSEC public mailing list. Much discussion on a wide range of topics, including: continued discussion around Phil Zimmermann’s ideas, firewalls and NAT, configuring windows messenger 5.1 with TLS, configuring minisip with TLS, VoIP performance testing, QoS impacts due to security, CFP for Third Workshop in Berlin, tools to generate H.323 traffic to simulate attacks, request for voice analysis tools, MIDCOM info – who is using it,why you can’t just turn a firewall into a SBC
• 63:28 - Wrapup of the show:  final comments, note about flash MP3 player on the website, upcoming shows, notes about contributing, information about how to provide comments.
• 69:00 - End of show

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to [email protected].  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

Thank you for listening and please do let us know what you think of the show.