Category Archives: VoIP Security

My “Black Bag Security Review” hits IT Conversations’ Top 10 Downloads for March 2008…

itconversations.jpgI was rather surprised but pleased to see that my “Black Back Security Review” was on the list of the “Top Ten IT Conversations Shows for March 2008“. My “surprise” was mostly because that particular talk is over a year old and was given at the ETel 2007 show back at the end of February 2007.

To be honest, I was not actually aware (or didn’t remember, anyway) that the IT Conversations Network had distributed my talk but I’m guessing they did so with a number of the ETel sessions.

Unfortunately, they don’t include the slides, which I put up in the Blue Box posting and also just generally made available on SlideShare. Without the slides, I suppose it works perfectly fine.. I’ve just never listened to it that way. It was still one of the most fun presentations I’ve ever given. Also took a ton of time to prepare. 243 slides in 14 minutes… 🙂 (I did write up some notes about the presentation and the style, etc.)

Anyway, it’s cool to see people discovering that session again. Nice surprise!

Technorati Tags:
, , ,

My presentations at VoiceCon this week…

1F986311-DE40-482A-B982-3300FE408328.jpgI’m down in Orlando this week for VoiceCon Orlando and will be part of three sessions. Tomorrow, I’m moderating a panel at 8am on VoIP security and on Thursday I’m moderating a panel on open source telephony. On Wednesday, I’ll be part of a keynote panel with Irwin Lazar on “Social networking and enterprise communication”, which should be quite fun. I’ll include below the full descriptions of the various sessions. If you are attending VoiceCon and want to connect, please do contact me.

Session Title: Top VOIP Security Threats
Date: 3/18/2008
Time: 8:00 AM
Room: Osceola B
Session Description:
There’s been a lot of concern about voice over IP security, but have there been many actual exploits? This session will inform you about the state of VOIP security. You’ll learn about generalized IP attacks that have affected IP telephony systems deployed on IP networks, and you’ll also find out what VOIP-specific attacks have actually been observed “in the wild”–and what to expect in the future.
KEY QUESTIONS: * What are the most serious voice-oriented attacks that are actually being carried out? What potential attacks haven’t occurred yet but probably will before long? * How do you protect your VOIP systems against these attacks? * What types of equipment and technologies must you implement to stop voice-oriented attacks? * What specific kinds of damage can these attacks cause?
Moderator(s):
Dan York – Dir of Emerging Comm Tech – Voxeo
Panelist(s):
Sachin Joglekar – Vulnerability Research Lead – Sipera Systems
David Endler – Director of Security Research – TippingPoint
Mark Collier – CTO – SecureLogix

Session Title: Open Source for Enterprise Voice: How Much, How Soon?
Date: 3/20/2008
Time: 11:45 AM
Room: Sun C
Session Description:
Open source PBXs are gaining a higher profile: Asterisk and other open-source PBX software packages continue to gain acceptance, and some traditional PBX vendors have implemented open source code for their products. But these efforts still aim mainly at smaller implementations. In this session, you’ll learn why open source PBX software has growing appeal, and whether it will appeal to larger customers as the market progresses.
KEY QUESTIONS: * What level of market share and acceptance has open source PBX software attained? What is expected? * Which products use open source PBX software? * What are the most compelling reasons for choosing open source PBX software? What are the greatest areas of concern in making this choice? * What are the technical challenges of an open-source PBX deployment, and how are these overcome? * What are some real-world customer experiences with open source PBX software?
Moderator(s):
Dan York – Dir of Emerging Comm Tech – Voxeo
Speaker(s):
M Raza – Product Management – 3Com
Bill Miller – VP, Prod Mgt & Mktg – Digium
Tony Pereira – Business Leader Business Communications – Nortel

Session Title: Social Networking Meets Enterprise Communications
Date: 3/19/2008
Time: 10:30 AM
Room: Osceola C
Session Description:
It?s no secret that world of enterprise communications is undergoing a transformation; IP Telephony and Unified Communications are changing the nature of the game. Now new forms of interaction, which began in the consumer/personal communications market — blogs, wikis and online services like Facebook ? are migrating into the enterprise. Where do these social networking systems ? and mindset ? fit into the enterprise communications landscape? Join us for a discussion about what?s real today and what?s likely to happen in the future.
Panelist(s):
Dan York – Dir of Emerging Comm Tech – Voxeo
Irwin Lazar – Principal Analyst & Program Director, Collaboration & Convergence – Nemertes Research

Technorati Tags:
, , , , , , ,

I’ll be down at VoiceCon Orlando in March 2008…

No Jitter |.jpgFYI, I will be down at VoiceCon Orlando on March 17-20, 2008. I’m moderating two panel sessions (see the schedule). First, up, bright and early at 8am on Tuesday, March 18th, I’ll be moderating a panel on “Top VoIP Security Threats“. This should be a fun one as it has VOIPSA Chair Dave Endler, Mark Collier of SecureLogix and Sachin Joglekar of Sipera Systems. I know all three of the guys, particularly Dave and Mark who have both worked on VOIPSA matters, and this session should be a good bit of fun. I’m planning on making it a rather interactive session. 🙂

At the other end of the show, on Thursday, March 20th, at 11:45am, I’ll be moderating a panel “Open Source for Enterprise Voice: How Much, How Soon?“. This would should be interesting because it has Bill Miller from Digium (makers of Asterisk), who I know well, and M Raza from 3Com… and then Tony Pereira from Nortel! 3Com’s presence on the panel isn’t particularly surprising given their relationship with Digium, but it will be interesting to see Nortel’s view on the matter.

All in all it should be quite an interesting show. Lots of good sessions and, I’m sure, interesting people to meet. If you’re going to be down there, please do drop an email as I’m always interesting in meeting readers of the blog.

Technorati Tags:
, , , , , , , , ,

IETF “RUCUS” BOF to be held about SPIT…

Over on the Voice of VOIPSA blog today I posted about a new session has been approved for the IETF 71 meeting coming up in Philadelphia in March called “Reducing Unwanted Communications using SIP” a.k.a. “RUCUS”.Hannes Tschofenig, who submitted the proposal, has created a RUCUS web page and is looking for feedback. I’m planning to be at the RUCUS session at IETF 71 and would encourage others who want to talk about voice spam / SPIT to join in as well!

Technorati Tags:
, , , , , , , ,

I’ll be speaking at Ingate’s SIP Trunking Seminars at IT Expo in Miami next week

button_Miami08.gifIf any of you will be in Miami next week for Internet Telephony Expo, I will be speaking on VOIPSA’s behalf at Ingate’s SIP Trunking Seminar Series held in conjunction with IT Expo. Predictably, my session from 8:30-9:45am on Thursday, January 24th is titled “Seminar/myth 1: VoIP is not secure“.

If you are going to be down at IT Expo, do check out the full schedule for Ingate’s SIP Trunking Seminar Series. They have a good range of speakers and the seminars are free.

If any of you are attending either IT Expo or the SIP Trunking Seminar Series, please do drop a note as I’m always interested in meeting readers.

Technorati Tags:
, , , ,

My interview on PulverTV today…

200710301421Today at Fall VON in Boston, Jeff Pulver hosted a special version of his Pulver TV show where he interviewed a number of people from the conference including me. First up was Jason Calcanis of Mahalo fame. Next was James Tagg, Founder and CEO of TruPhone. I followed and then the show wrapped up with Bob Frankston who is perhaps most widely known as one of the inventors of VisiCalc.

200710301433-1My part of the show starts at 14:30 and goes until 23:24. (When I nicely leave the stage without taking off the lapel mic! Oops! Sorry about that… ) We talked about my presentation at VON (on Thursday), application platforms like Facebook, my new role with Voxeo, social media in general and much more. It was a good bit of fun to do and I have to thank Jeff for giving me the opportunity to participate.

Technorati Tags: , , , , , , , , , ,

Skype and secure SIP? (Why would I see this message?)

200710261520Whenever I’m using Skype, I have the “Display technical call info” setting enabled so that I see technical stats about the calls I am on. Those windows tend to stay around after a call… and I noticed this one still around with an identity of “securesip”. (click on the image for a larger version) I’ve tried to replicate this with calls that I’ve recently made to see if I could get the window again, but can’t seem to do so. Anyone know why I might be seeing this?

I’m curious…

Technorati Tags: , ,

Heading to New York today for Interop… speaking tomorrow on VoIP Security

200710240512In a few hours I’ll be boarding a plane back to New York where I’ll be attending Interop New York this afternoon and tomorrow. If any of you reading this will be there, please do drop an email. Tomorrow, I’ll be on a panel at 2:45pm with Jonathan Rosenberg about “Voice-oriented Attacks”. (Side note to Interop: Please make it so that we can link to individual sessions instead of having to link to the entire list of “security”-related sessions!) If you aren’t aware of who Jonathan Rosenberg is, he works for Cisco and is a huge contributor to IETF efforts related to SIP and in fact was one of the co-authors of RFC 3261 which is the primary RFC defining SIP. He’s also the author of “The Hitchhiker’s Guide to SIP” which aims to help guide people through the maze of the many, many documents that now are part of “SIP”. More relevant to tomorrow’s session, he’s also the author of a series of NAT traversal protocols for SIP, namely STUN, TURN and now ICE. Eric Krapf, the moderator of the session, is aiming to make it a more interactive and discussion-focused session (i.e. no slideware-to-death)… we’ll see if we can make it fun as well. I’ve also asked Interop for permission to record it and run it as a Blue Box podcast – we’ll see if they give me permission.

Note that if you are a CISSP, the ISC2 is holding a member reception today (Wednesday October 24, 2007) starting at 5:30 PM in Jacob Javits Center Room 1EO2 – LEVEL 1. Assuming that everything works with my flights today, I’ll be there.

I’ll even have some new business cards to give out… 😉

Technorati Tags: , , , , , , , ,

Heading out to Astricon 2007 next week to talk on VoIP security…

200709210957Well, I just confirmed my travel schedule – I’m going to go have a bit of fun out at AstriCon 2007. AstriCon, for those who aren’t aware, is pretty much the premiere event for Asterisk developers. I’m scheduled to speak on Thursday about (surprise!) VoIP security. My talk is an “industry perspective” in my capacity as a board member of the VOIP Security Alliance and won’t be specifically Asterisk-focused, although I will include a few pieces about what you need to think about with Asterisk and the holes that Asterisk still needs to fill (like, oh, SRTP, which I know is coming). I know Mark Spencer and a good bit of the Digium crowd, so it will be fun to hang out with them (especially given my new independent status).

If any of you reading will be out there, please do feel free to drop me a line so that we can connect.

P.S. After AstriCon, I’ll be heading over to the Podcast and New Media Expo in Ontario, CA. If any of you will be there, please do drop a note as well.

Technorati Tags: , ,