Today is the last day of VON 2007. The expo booths are being torn down, and we are left with smaller groups attending classes. Fortunately, there was an admin training course that ran all day covering OpenSER. I won't bore you with the details of this implementation of the SIP Express Router. It is only a means to an end for handling the potential volume of calls that our SoftPhone project may experience once it becomes an official psu.edu service. One interesting aspect has been that the course is being presented by one of the founders of this open source project, Daniel-Constantin Mierla.
In the afternoon, I attended a VoIP security strategy panel. The participants were Joshua Morin of Codenomicon, Aaron Sipper of Reef Point, and Dan York of the VoIP Security Alliance. Reactivity in security is unacceptable as a strategy.
There were two themes that ran through the discussion.
- There are great tools out there, but most people, carriers included, are not making use of them.
- Most security plans have not taken phones into consideration. User devices are moving toward the PC model, where these devices are intelligent and therefore exploitable.
As Penn State, we really need to take the proverbial bull by the horns and be proactive in our security tactics. Port scanning is one tool; packet watching is another. The next time you plan a new service, spend the design time on security auditing. Hack it yourself to evaluate the system. Ask a friend to hack it for you. If you get compromised, then you need to share that information with the rest of the Penn State community so that we can all learn from the experiences. I will now step off the soap box. ☺

