Voice over IP (VOIP) aka Broadband Telephone, is to the point of maturity and beyond geeks and early-adopters. With fixed low monthly pricing and many features that you expect and need it may be time to consider VOIP. According to one report there are more than 17 Million VOIP Users. The testing is long over with. It's now safe to save money using VOIP. Many marine/motor yacht owners, captains, or crew; may not be aware that your VOIP phone number can travel with you wherever you go. If you don't have high speed while under way or during crossings you can link it up as soon as you reach Cellular Broadband or WiFi range from land. With some systems this can be a few (to many) miles off the Cellular or WiFi spot. As soon as you link up your phone number lights up on the grid. You can call and you can be called. VOIP is not a company name but is the more technical name for what is these days called Broadband Voice or Broadband Telephone Service.

---

VoIP security, PGP style
 
By Amy Storer, News Writer
09 Aug 2005 | SearchEnterpriseVoice.com 
 
Phil Zimmermann, cryptographer and creator of the popular Pretty Good Privacy (PGP) e-mail encryption program, is addressing what he deems a genuine need for IP voice encryption.

Zimmermann last week unveiled Zfone, a prototype VoIP encryption application designed to prevent eavesdropping, and is now looking for investors to expedite Zfone development for enterprise usage.

He spoke with SearchEnterpriseVoice.com about the new VoIP encryption software, why his phone privacy protocol could trump all others, and ultimately, why enterprises should pay attention.
  
Phil Zimmerman
 
Is the VoIP security threat real or overblown?
Phil Zimmermann: It's real because the Internet is rife with sophisticated attacks from organized crime. In fact, it's been said that an unprotected Windows PC can be taken over by hostile software within 12 minutes of being connected to the Internet. Our phone calls have enjoyed a paradise of security for a century on the Public Switched Telephone Network, but all that will change when we cast them out of that paradise into the inferno of the Internet.

More at: http://searchenterprisevoice.techtarget.com/qna/0,289202,sid66_gci1114340,00.html

---

There is a lot o Talk about Voip Security
By Alan Spicer, Alan Spicer Telecom

Just put "VOIP+Security" in a www.google.com search and lots of articles will pop up. There is a lot of concern over security issues for what some call Broadband Voice, which replaces the old standby land line telephone services (techy talk called: POTS - Plain Old Telephone Service) for land based users and can replace landline and more expensive Satellite and Cellular (particulary roaming charges) services used on mobile platforms such as Marine/Motor Yachts. I don't think there has as of yet been any kind of known attack on an end user with Broadband Phone Service. Phil Zimmerman claims calls can be intercepted and recorded in the same way that people record music or video and organized for playback by date and time, etc. There is also concern over the Voip Providers themselves being subjected to attack.

There's an organization called Voice over IP Security Alliance (VOIPSA) with a web site on http://www.voipsa.org/. They've got some key industry players as members and they aren't the only ones looking into VOIP Security. This will hopefully result in some standards being developed and accellerated to market by companies that provide Broadband Telephone Services. The typical end user isn't likely to have to do anything other than later on they may have to upgrade software on ATA adaptor boxes or VOIP telephone units as the standards emerge.

I don't think the security concerns are hype but I don't think either that typical end Broadband Phone user is in immediate danger. I would think that in order for someone to intercept your broadband telephone calls they would have to be on your network (your ISP's network). That doesn't just mean being another customer on your ISP, it means being more at the core of your ISPs network. Another subscriber would not have access to Internet traffic that you send because it doesn't pass by them at all. They would have to have compromised network equipment or a host computer on your ISPs network somewhere where they could packet sniff your traffic. On average I don't think that's very likely. Their other option would be to be somewhere inbetween. What they call man-in-the-middle attack. Internet traffic doesn't just flow everywhere or echo everywhere. It isn't that kind of party line for that kind of easy listening. Backbone traffic passes between multiple peered backbone providers and ISPs connected to them. This traffic, for example, doesn't flow out onto other ISPs that it is not intended for. So you couldn't be on AT&T Internet and get a hold of my traffic from Bellsouth.net. You'd have to have access to some pretty core backbone stuff to get traffic that wasn't intended for your own Internet Connection. Otherwise it just doesn't work that way. They say that you are more secure on POTS landline connections than with Internet VOIP. But then again that depends on what kind of either physical or TELCO (telephone company) access someone has. If you're still on copper pair telephone lines it wouldn't be too difficult for someone with physical acess to your premises or to your "copper pair" from a little bit further down the road. It's just a matter of "jacking in" somewhere where it's still an analog signal. Further down the road there are copper pair (pair gain) devices and T-Carrier or Sonet/SDH - Fiber Optic centers which combine A LOT of telephone lines into a bulk carrier for the ride back to the CO (Central Office). If someone's getting in there then local TELCO better know about it. ...Back to VOIP, the similar types of physical access (being on your Local Area Network, especially an office) or having had your computer compromised by a Virus/Worm/Backdoor that allows remote control to your Internet Connected Personal Computer. That would be bad because that could put the bad guys on your local network where they could get at the Broadband Voice (VOIP) traffic. That would not be good. Be even without VOIP Telephony that situation would be just plain very bad. Short of that I don't think someone is going to hijack your VOIP calls going over the Internet.

Note: I also realise that many locations may have T-Carrier or better (Leased Line, Leased Circuit) Voice Service on the Landline side and therefore would already have the bulk carrier type of connection at their premises. Someone would have to have access to pretty sophisticated equipment to be able to break that out to individual lines or telephone conversations.

Now for attacks against the end devices themselves, again ATA analog to VOIP adaptor boxes or VOIP Telephone hardware, and even Software Clients I haven't even had a hard look at how these devices could be attacked on their native ports. I'm sure the VOIP Security Experts are looking into this. In order for things like VOIP to work (as well as many services via the Internet) certain PORTS (that have a number, like SMTP mail is 25, Web HTTP is 80) have to be open and accepting connections. In order to take incoming calls your VOIP client (be it hardware or software) has to be listening all of the time on certain port or port(s). You also make outgoing calls by connecting to your VOIP Provider on certain Internet Addresses (IP or a Host Name) and certain port or port(s). Whenever there are gadgets or software out there listening and willing to accept connections on particular ports then bad guys may want to exploit or take advantage of that. The bad guys with software, and viruses/worms, scan IP Addresses looking for things that are listening. The next bad thing(s) coming could be the scanning for Broadband Telephone (VOIP) end points (customers) on the Internet.

Well that's all I have to say for now. If I'm wrong about anything, I'll take corrections and criticism. Feel free to mail me. There are groups taking a much harder look at the security issues for VOIP than I have at this point.

The following  government report was sighted on the net as well.

Please contact us for information or for a quote: Telephone Numbers are: 954-683-3426 mobile, or 954-977-5245.

Thank You.