Here is a link to an interesting discussion about SIP security on NoJitter.
http://www.nojitter.com/blog/archives/2009/06/unsecure_ipsip.html
I don't agree that eavesdropping on calls is the biggest security issue for SIP (or VoIP for that matter). The biggest issues enterprises will see on SIP trunks are the same application issues (toll fraud for example) that they have been seeing for years. As far as SIP/VoIP-specific issues, the various forms of DoS, including floods and fuzzing will be the biggest issue.
The discussion talks in depth about using encryption, including TLS for SIP and SRTP for RTP. Using these protocols will definitely improve security, but as pointed out in the discussion, they create as many issues as they solve. I doubt we will see widespread use of encryption for SIp/VoIP for a long time.
Blogs are so informative where we get lots of information on any topic. Nice job keep it up!!
Posted by: Sports Dissertation | November 17, 2009 at 07:29 AM