Blue Box: The VoIP Security Podcast: Blue Box Podcast #24: Supersized show - VoIP security news, 2 interviews, comments and much more

Synopsis: Super-sized edition - Two interviews, one with David Schwartz, CTO of Kayote networks and one with Rodolfo Rosini, CEO of Cellfire Security. VoIP security news, opinions and many comments from listeners, along with a way to potentially win a copy of a new book on VoIP security.

Welcome to Blue Box: The VoIP Security Podcast show #24, a 109-minute podcast from Dan York and Jonathan Zar with news and commentary about the world of VoIP security. This show also features a 38-minute interview with David Schwartz, CTO of Kayote Networks about his perspective on the IETF meeting in Dallas in March and SIP Identity and SPIT as well as another 18-minute interview with Rodolfo Rosini, CEO of Cellfire Security about his new startup.

This show is extra-large this week because there will be no show next week due to vacation travel and we wanted to make these interviews available.

Download the show here (MP3, 100MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to [email protected]. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

In this show we also mentioned our new promotion - anyone submitting audio comments (either by email or calling the comment line) during April will be eligible for a drawing for a free copy of "Practical VoIP Security" from Syngress Press. Many thanks to Bruce Stewart and the folks at O'Reilly & Associates (who distribute Syngress books) for providing this book.

Show Content:

00:20 - Intro to the show, contact information and how to provide comments. Welcome to all the new listeners. Mention of Frappr map for the show. Please join the map!
04:04 - Discussion of the "IP Telephony Solutions for Government" show where Dan spoke last week in DC and where he was able to spend some time with listener Craig Bowser.
07:28 - Mention of the book promotion, audio comments via Waxmail, vacation plans and an impending visit to the Podcast Academy at Boston University
09:40 - Tutorials in May - would you be interested in participating?
12:16 - General Dynamics Sectera vIPer secure phone
12:56 - Federal Computer Week: Army using VoIP in the battlefield
15:14 - ITWales: Keeping the VoIP house in order (Jonathan Zar article again! Not in Welsh, though…)
16:46 - EFY News: Juniper Introduces Solution to Enhance VoIP Security
17:34 - ZDNet UK: Security report sponsorship defended (should report on security be sponsored by security companies?)
21:17 - TMC.Net: Deploying Secure VoIP in the Small Enterprise (by Bogdan Materna)
21:42 - VoIPLoop: Does VoIP Need Encryption? (by Irwin Lazar)
25:02 - Realtime VoIP: Ken Camp wrote a VoIP and Firewall paper
25:38 - VoIP News: Tom Cross on VoIP Security Series: Part One – The Server
26:16 - Skype Journal: FT: Zennström confirms Skype filters text; questions he would not answer points to Financial Times article
28:18 - Gary Audin at VoIPLoop on Sox Compliance (tip of the hat to Irwin Lazar)
30:45 - beta-dot: Narus Helps Countries to Block VoIP
32:14 - New blogs:
- Telecom, Security and P2P
- VoIPLoop
33:36 - Westcon Group and Sipera announce global distribution agreement=
33:58 -UHS Broadens Availability of IP-Based Alarm Monitoring in the U.S.
34:43 - Upcoming shows:
- April 18, DC (Arlington, VA) Homeland Defense & IT Security Training Conference (I’ll be speaking)
- Interop, April 30-May 5, Las Vegas (anyone going?)
- June 1-2, DC, Workshop on VoIP security by Cybersecurity Industry Alliance and tekVizion – free to US gov, $195 for others
- June 1-2, Berlin, Third Annual VoIP Security Workshop
37:08 - Feature interview with David Schwartz of Kayote Networks. In this 38-minute interview, David discusses:
- The background and products of Kayote Networks
- Why he believes SPIT is more of a concern than many others view it as
- SIP peering, business models and security issues
- His perspective on attending the IETF meeting in Dallas last month, and specifically issues discussed there around SPIT and SIP Identity
- An explanation of the proposed SIP Identity mechanism
- His views on why "policy" is incredibly important
- The dangers lurking in SIP routing and how unprotected it is
This is the second part of our IETF-related interviews (the first was in show #22) and we hope this has given you a good perspective on what occurred at that meeting.
74:48 - Comment section and review of quick comments from Shawn Merdinger, Martyn Davies, Mark Collier and Craig Bowser
75:10 - Albert Maruggi on how the medium has impacted our business
80:02 - Leslie Asamoa-Krodua on identity management
81:49 - Martyn Davies on show format
83:11 - Kand Palanisamy on show format
84:20 - Dan Wing with a slight correction to his slides (also note that IETF changed the URL after I uploaded the show notes – thanks to Irwin Lazar for catching that)
85:26 - J.Stein on episode 22
86:18 - Feature interview with Rodolfo Rosini, CEO of Cellfire Security, a startup focused on VoIP security with a particular focus on cell phones. He provided a background on the company, its product that is now entering beta, the survey they recently concluded and the fact that they are hiring in London and San Francisco.
104:39 - Review of the last week's traffic on the VOIPSEC public mailing list. Discussion around client authentication, Cisco-specific tools, reviews of the Practical VoIP Security book, SOX compliance, managed security service providers and much more
106:49 - Wrap-up, info about how to leave comments, upcoming shows, etc.
109:00 - End of show