The Sys-Security Group

Voice over IP (VoIP) is, from the day it had been introduced, a cool technology. The security implications of using VoIP were ignored, either because of ignorance, or deliberately, for a long time.

This situation is now changing due to a wealth of information, which is now becoming available for those who are interested in the technology and with the security of it. The understanding that security is a crucial part of any deployment of VoIP is gaining more grounds. For example:

• Media coverage
• The Voice Over IP Security Alliance (VoIPSA)
• SANS Top 20 Internet Security Attack Targets now includes VoIP
• Various books (for example, Hacking Exposed VoIP by David Endler and Mark Collier. Disclaimer: I was the technical editor of the book).
• Various articles and guides available on the Internet, etc.

That said I still fear it is still not enough.

Although the mind set is changing, I still do not see it being reflected with the deployments of VoIP inside enterprises (and sometimes even at the carrier level).

How come? It is since VoIP is still regarded as a shiny new cool toy, which you can show off. But mostley because vendors would like to make customers think it is easy to deploy with no much hassle to it (and security is a big hassle).

So how is this going to change?

Like every other technology that took a big hit from its security issues and implications, VoIP will get its share as well. Media coverage, publicized incidents, and bad noise will force customers and vendors to take this into a more serious account when thinking of deploying VoIP, publishing RFIs and RFPs, demanding security as a pre-requisites, deploying VoIP, and most importantly building more secure VoIP products.

What is it that makes defining network access control (NAC) technology a difficult task for many?

Is it the fact that companies with some kind of a “prevention” technology bends the definition of NAC so they can jump the bandwagon? Or is it the fact there is no standardization or a formal definition?

I believe it is both.

According to my definition, at its basis, a network access control solution must ensure that only authorized and compliant devices are allowed to access and operate on the enterprise network.

The technologies that may be used to accomplish this task may vary. They might include element detection, network discovery, quarantine capabilities, compliance assessment, various enforcement methods, etc.

NAC brings control and risk mitigation.

Like other information security technologies, it is not the one silver bullet. It is rather an important piece in the entire security posture of an enterprise. Some may argue NAC is the basis for internal network security.

As a Mac user for the past few years I was very happy, until recently, with the quality of hardware (laptops) and software (Mac OS X) I buy from Apple.

But that had changed when I decided to buy a MacBook Pro. Writing this, I am not using the original MacBook Pro I had bought. It had to be replaced due to some display, keyboard and a bunch of other problems. On the MacBook Pro I am using now several of these problems are being experienced again. Needless to say I am not happy.

But this is only the hardware side of things. Recently there is another bad trend from Apple. It is called Software Update. Myself, and a lot of other Mac OS X users are experiencing various problems with the OS and with Applications after an OS upgrade.

At first it started when one of the security fix packages caused OS X not to boot properly. With another software upgrade some of my applications decided not to start or function properly.

My problem is not only with the quality assurance at Apple but also with the fact that in order to remedy some of these issues (software) I need to turn to web sites other the Apple’s (i.e. MacFixIt and other).

I know I am not the only one experiencing these problems, and probably that some cannot be avoided. But I would like to get back to the time when I bought my first G3 and everything just worked (my G3 laptop is still fully functional and never experienced any issues).

If Apple wants to grow, these growing pains must be resolved.

Like the rest of the world, but somehow late, I have decided to create my own blog. As a place to post my thoughts, and other stuff.