bigunk
Gort, Klattu Birada Nikto
join:2001-02-10
Santa Clarita, CA | Excellent!!
Since this is what I do for a living, the more I can learn, the better for my clients. |
|
GOLFnSUN
Enjoy the sun
Premium
join:2002-03-03
Avalon, NJ
 ·Sprint Mobile Broa..
 ·Comcast
| said by bigunk  :Since this is what I do for a living, the more I can learn, the better for my clients. And many businesses tell their employees that they can and will listen in to voice calls and internet traffic made using office devices. A tool like this would make that easier to do. Security departments in large companies often monitor both voice and data communications of their employees. And as long as they let their employees know this it has been ruled legal.
--
My BLOG .. .. Internet News .. .. My Web Page
Ask yourself one question: 'Do I feel lucky?' Well, do ya punk? |
|
quetwo
That VoIP Guy
Premium
join:2004-09-04
East Lansing, MI
| But what about the people that are not supposed to have access to this data/voice? What about the guy who is there fixing your printer, running Wireshark, and is taking dumps of all of your traffic? There are no longer just policy issues, but real security issues.
Would you go to a banking website that didn't offer SSL? Would you call them? Sure! But if you/your company didn't secure their VoIP, it is just as secure as plain HTTP. |
|
pandora
Premium
join:2001-06-01
Outland |  Ok, try this. I'm a Future-Nine customer, using a PAP2T. How exactly do I get secure VOIP communication on my calls?
--
"People demand freedom of speech as a compensation for the freedom of thought which they seldom use." |
|
nitzan
Premium,VIP
join:2008-02-27
 ·ViaTalk
·Comcast
| said by pandora :Ok, try this. I'm a Future-Nine customer, using a PAP2T. How exactly do I get secure VOIP communication on my calls? You cannot at this point. Secure RTP is not developed enough to implement at this point in time unfortunately.
We do intend to implement it once readily available though.
Keep in mind however that the only ones who can "listen in" on your calls are your ISP, our ISP, and the phone companies on the way. None of which are going to bother filtering through millions of minutes of call time.
If a third-party wanted to spy on you specifically, in 99% of cases they can't.
--
Nitzan Kon, CEO
Future Nine Corporation |
|
nitzan
Premium,VIP
join:2008-02-27
·ViaTalk
·Comcast
| reply to quetwo
said by quetwo :Would you go to a banking website that didn't offer SSL? Would you call them? Sure! But if you/your company didn't secure their VoIP, it is just as secure as plain HTTP. Totally agreed. The problem however is that Secure RTP is not mature enough at this point, so it is simply not available as a widespread solution. It'll be some time (and probably a lot more demonstrations of vulnerability) before this area gets the attention it deserves.
--
Nitzan Kon, CEO
Future Nine Corporation |
|
pandora
Premium
join:2001-06-01
Outland
·ooma
·Future Nine Corpor..
·Comcast
|  reply to nitzan
Thanks for the information. I have another question about security. My thought was my cable Internet service is shared with about 60-100 of my neighbors. Wouldn't any of my neighbors on our shared Comcast cable node be able to listen into my VOIP calls?
--
"People demand freedom of speech as a compensation for the freedom of thought which they seldom use." |
|
Kearnstd
Elf Wizard
Premium
join:2002-01-22
Mullica Hill, NJ
| reply to bigunk
afaik no, i dont think they can get your packets to come through their cable modem. atleast not in the current versions of DOCSIS. id imagine their CDV service would be harder to "hack" unless of course you have access to the switch or some other point where your calls are no longer on the DOCSIS network and are on a normal IP network.
that said if someone wants to get at your calls they will, there is no such thing as absolute communications security unless you have an empty sound proof room that is also a Faraday cage, and fires off an EMP in the room before you start talking(to fry any micro-recorders).
--
[65 Arcanist]Filan(High Elf) Zone: Broadband Reports |
|
anony101
@comcast.net
| reply to nitzan
Keep in mind however that the only ones who can "listen in" on your calls are your ISP, our ISP, and the phone companies on the way. None of which are going to bother filtering through millions of minutes of call time. That's not accurate. Cable customers can listen in to unencrypted VOIP calls within the same node they're in which means their neighborhood. |
|
anony101
@comcast.net
| reply to pandora
Thanks for the information. I have another question about security. My thought was my cable Internet service is shared with about 60-100 of my neighbors. Wouldn't any of my neighbors on our shared Comcast cable node be able to listen into my VOIP calls? It depends whether your VOIP provider uses SRTP to encrypt RTP packets from you to their proxy. Some do and some don't. You should call them and ask.
Keep in mind that encrypted VOIP calls lose the encryption once they reach the PSTN. |
|
knightmb
Everybody Lies
join:2003-12-01
Franklin, TN
 ·AT&T DSL Service
| reply to anony101
said by anony101 :Keep in mind however that the only ones who can "listen in" on your calls are your ISP, our ISP, and the phone companies on the way. None of which are going to bother filtering through millions of minutes of call time. That's not accurate. Cable customers can listen in to unencrypted VOIP calls within the same node they're in which means their neighborhood. Does that mean all Cable calls are unencrypted by default? How would a customer turn on encryption?
--
Fight NebuAD and the like:
Click Here to pollute their data |
|
pandora
Premium
join:2001-06-01
Outland
·ooma
·Future Nine Corpor..
·Comcast
| reply to anony101
said by anony101 :Thanks for the information. I have another question about security. My thought was my cable Internet service is shared with about 60-100 of my neighbors. Wouldn't any of my neighbors on our shared Comcast cable node be able to listen into my VOIP calls? It depends whether your VOIP provider uses SRTP to encrypt RTP packets from you to their proxy. Some do and some don't. You should call them and ask. Keep in mind that encrypted VOIP calls lose the encryption once they reach the PSTN. If you read this thread, you'll see my provider has posted and indicated there is no security for my VOIP content.
»Re: Excellent!!
--
"People demand freedom of speech as a compensation for the freedom of thought which they seldom use." |
|
nitzan
Premium,VIP
join:2008-02-27
·ViaTalk
·Comcast
| reply to anony101
said by anony101 :Keep in mind however that the only ones who can "listen in" on your calls are your ISP, our ISP, and the phone companies on the way. None of which are going to bother filtering through millions of minutes of call time. That's not accurate. Cable customers can listen in to unencrypted VOIP calls within the same node they're in which means their neighborhood. I could be wrong, but AFAIK your neighbors CANNOT sniff your packets. Unless they have access to the switch - which they don't - they cannot listen in on you. |
|
GOLFnSUN
Enjoy the sun
Premium
join:2002-03-03
Avalon, NJ
·Sprint Mobile Broa..
·Comcast
1 edit | said by nitzan :said by anony101 :Keep in mind however that the only ones who can "listen in" on your calls are your ISP, our ISP, and the phone companies on the way. None of which are going to bother filtering through millions of minutes of call time. That's not accurate. Cable customers can listen in to unencrypted VOIP calls within the same node they're in which means their neighborhood. I could be wrong, but AFAIK your neighbors CANNOT sniff your packets. Unless they have access to the switch - which they don't - they cannot listen in on you. You couldn't do it on the PC side of the cable modem. But if you hook up a device directly to the cable and bypass the cable modem altogether with a sniffer device, you could see and capture the packets on your local node.
--
My BLOG .. .. Internet News .. .. My Web Page
Ask yourself one question: 'Do I feel lucky?' Well, do ya punk? |
|
nitzan
Premium,VIP
join:2008-02-27 | Interesting. Didn't know that.
So essentially, cable internet is inherently less secure than, say, DSL? or better yet - FTTH? |
|
Cabal
Premium
join:2007-01-21
Boston, MA
| reply to anony101
said by anony101 :Keep in mind however that the only ones who can "listen in" on your calls are your ISP, our ISP, and the phone companies on the way. None of which are going to bother filtering through millions of minutes of call time. That's not accurate. Cable customers can listen in to unencrypted VOIP calls within the same node they're in which means their neighborhood. False. Look up BPI+.
--
Do you care about network neutrality, the right to privacy, or patent system abuse? Obama used to. |
|
pfak
Premium
join:2002-12-29
Canada
·Shaw
 ·Novus Entertainmen..
| reply to GOLFnSUN
said by GOLFnSUN :You couldn't do it on the PC side of the cable modem. But if you hook up a device directly to the cable and bypass the cable modem altogether with a sniffer device, you could see and capture the packets on your local node. Look up BPI+.
Sometimes I really wish DSLR had a moderation system like Slashdot so all your posts would be "-1" 
--
Xenophase - British Columbia's premier online gaming community. |
|
joako
Premium
join:2000-09-07
/dev/null
 ·AT&T U-Verse
| reply to quetwo
said by quetwo :But what about the people that are not supposed to have access to this data/voice? What about the guy who is there fixing your printer, running Wireshark, and is taking dumps of all of your traffic? There are no longer just policy issues, but real security issues. Would you go to a banking website that didn't offer SSL? Would you call them? Sure! But if you/your company didn't secure their VoIP, it is just as secure as plain HTTP. And I'll tell you security on bank networks isn't perfect. All of this would be possible with physical access to the networking equipment. The ones I've been in don't restrict DHCP leases. You do need to use a proxy server most of the time and many times that's password protected (same as AD login) but there's no device control. I can walk in
The banking applications appear to be well secured (not my job...not going to test their security) but I sure hope all network traffic is encrypted.
Most of these banks also send a good amount of their voice traffic over T1 (voice) lines which would be trivial to tap into, even down the road.
--
09:F9:11:02:9D:74:E3:5B:D8:41:56:C5:63:56:88:C0 |
|
GOLFnSUN
Enjoy the sun
Premium
join:2002-03-03
Avalon, NJ
·Sprint Mobile Broa..
·Comcast
| reply to pfak
There is no protection against tampering with the signals on the RF cable network.
The main advantages of BPI+ in DOCSIS 1.1 is the capability to upgrade crypto mechanisms in already deployed Cable Modems and the use of digital certificates to authenticate Cable Modems.
Notice also that all setup and configuration of the BPI functions are made at the CMTS, so as a user you have very little control over when your data are encrypted and when they are not. In reality the purpose of BPI and BPI+ is this
* To protect against theft of service
--
My BLOG .. .. Internet News .. .. My Web Page
Ask yourself one question: 'Do I feel lucky?' Well, do ya punk? |
|
quetwo
That VoIP Guy
Premium
join:2004-09-04
East Lansing, MI
| reply to joako
said by joako :Most of these banks also send a good amount of their voice traffic over T1 (voice) lines which would be trivial to tap into, even down the road. It is actually very difficult to tap into a T1 service. T1 lines uses a very sporratic form of CRC checking for SLIP errors. Any loss on the line would disrupt the communicaiton and cause major alarms on the equipment on either side. You usually can't get a tone/test on a pair NEAR a T1 before it causes it to slip. Mind you, if you use an official CSU (or similar device with a monitor bypass port), you can technially sniff the T1, but these should be in fairly secure areas (at the CO and the cust prem). |
|
