Voxilla's Eric Chamberlain has a piece out on the insecurities of VoIP.
His focus on the hardware side of things at the end is a starting point, but the network issues remain the core attack point. I'm sure when he returns Ken Camp and also Dan York can provide a lot more insight to the issue that Chamberlain has once again opened a door on.
Back in the summer, when I did a series of webinars for ZDNet the subject of VoIP Security was one that was emphasized. It may provide some added perspective, but what I'm really sure of now, as I was then, is the problem remains rooted in how secure the network is, not just your VoIP implementation.
Andy,
Dustin Trammell commented over at "Voice of VOIPSA" on the original ComputerWeekly article shortly after it came out:
http://voipsa.org/blog/2006/11/10/voip-security-not-all-that-difficult/
and I haven't yet posted any other opinion. In the Voxilla post you point out, Eric Chamberlin takes that ComputerWeekly article to task for not focusing on better authentication for phones. There's a longer article on that that should be written - and probably what I'll do is write it with a trackback to here. Definitely a worthwhile discussion to have. Thanks for raising the profile.
Thanks,
Dan
Posted by: Dan York | November 15, 2006 at 01:00 PM