A Pioneers View of VOIP and SIP Security
Jonathan Rosenberg, one of the founders of the SIP protocol, responds to VOIP security concerns.Jonathan Rosenberg, PhD, the chief technology officer Dynamicsoft, a telecommunications infrastructure vendor based in Parsippany, NJ, is co-author of the Session Initiation Protocol standard, one of the underpinnings of Voice over Internet Protocol telephony. He was recently named as a member of the Internet Architecture Board, the technical body tasked with providing oversight of the architecture, protocols and procedures used by the Internet. Ellen Muraskin, eWeek.coms VOIP and Telephony topic center editor, interviewed Rosenberg via e-mail to get his responses to the security concerns raised in Jim Louderbacks recent column, Security Holes Make VOIP a Risky Business. Isnt the security of a VOIP network a function of the SIP protocol in the first place? Many of the attacks Jim is concerned about are something that SIP would need to (and does) protect against. For example, preventing an attacker from eavesdropping on a call is something that SIP itself provides. Preventing someone from hijacking my calls is something that SIP provides. Preventing someone from sending a flood of packets to a SIP server is not something SIP itself can stop, since the attack is not attempting to manipulate any aspect of SIP operation.
What is the best defense against a flood of packets, i.e., a denial-of-service attack?