* Readers respond to article on VoIP and encryption, Part 2
In continuing our discussion of VoIP and the degree to which encryption is needed, we heard from several readers.
One reader wrote, admittedly with a smiley attached, “A layoff in the IT department may lead disgruntled ex-employees with access to the right resources to eavesdrop conversations from the executive level about their planned merger. Of course I am stretching it a bit to make my point.”
Yes, such eavesdropping is a possibility, but the same is true of traditional telephony.
This theme was repeated by other respondents as well. A reader wrote:
“The article used the precedence of the lack of encryption of analog PSTN with VoIP. My view is that VoIP is in fact ‘inherently unsecure’ because so many people have access to the LAN infrastructure before it goes across the WAN. Most protocol analyzers can render a VoIP capture into an audio file for playback. Free protocol analyzers, like Ethereal, can playback any G.711 codec call which is almost universally used in the corporate LAN.
“Therefore, the security focus is in the LAN, not the WAN. It’s an apples-to-oranges comparison to ask PSTN service providers if their customers express concern with WAN encryption.”
A couple of clarifications are in order here. Indeed, perhaps we did mix apples and oranges a bit with regard to access networks vs. infrastructure networks. But just because VoIP traffic traverses a LAN, that does not necessarily make it any less secure than traditional voice traversing a twisted pair to a wiring closet.
In both cases, the potential eavesdropper must have access to the infrastructure. We’re betting that there is virtually no “thin-net” coaxial Ethernet still in place, and LAN switches have replaced hubs in most cases. So long as the Ethernet is switched, the data available “on the LAN” only passes between the sender and the receiver. That’s the whole point to moving away from shared-media LANs. (This transition was made mostly for performance reasons – as opposed to security – but the result is the same.) To “tap” the LAN traffic, one must have access to the LAN infrastructure.
Wireless LANs, of course, are a topic for yet another day. But remember that our answer will probably be related to using wireless encryption standards for all traffic.
Here’s our original story on VoIP encryption: http://www.networkworld.com/newsletters/converg/2005/0620converge2.html?rl




