RE: VoIP security

["David" <david () clicksee net>]

This article addresses your questions pretty specifically:

As with traditional telephony, eavesdropping is a concern for
organizations using VOIP-and the consequences can be greater, says
Charlie Rabie, a vice president at Aspect Communications Corp. in San
Jose. Aspect is a provider of software and services for implementing
VOIP, traditional telephony and other communication services. 

Because voice travels in packets over the data network, hackers can use
data-sniffing and other hacking tools to identify, modify, store and
play back voice traffic traversing the network, Kemmerer says. 

A hacker breaking into a VOIP data stream has access to a lot more calls
than he would with traditional telephone tapping. As a result, "one of
the big differences is that a hacker has a much higher probability of
getting intelligent information" from tapping a VOIP data stream than
from monitoring traditional phone systems, Rabie says. 

From:
http://www.computerworld.com/securitytopics/security/story/0,10801,74840
,00.html

-----Original Message-----
From: Seth Art [mailto:sethart () gmail com] 
Sent: Wednesday, April 20, 2005 8:52 PM
To: security-basics () securityfocus com
Subject: VoIP security

My coworker had an interesting question.  She had to validate her
credit card number over the phone using her social and other sensitive
information.  She has a VoIP router from her ISP.  The question: Are
the VoIP packets encrypted as they go across the wire?   Or can
someone sniffing in the right place capture all of that sensitive VoIP
traffic and reassemble her CC# and SS# from the tones? Is this
somethign that might be an issue in the future or is there already an
answer out there?

-Seth