The Black Bag Security Briefing Dan York, Jonathan Zar, Shawn Merdinger

Who We Are Dan York, CISSP Best Practices Chair, VoIP Security Alliance Chair, Product Security Team, Mitel Corporation Co-host, Blue Box: The VoIP Security Podcast Email: dan_york@mitel.com Jonathan Zar Secretary & Threat Taxonomy Chair, VoIP Security Alliance Managing Director, Pingalo Co-host, Blue Box: The VoIP Security Podcast Email: jz@ieee.org Shawn Merdinger Technical Advisor, VoIP Security Alliance Independent Security Researcher & Consultant Email: shawnmer@io.com

Dan York, CISSP

Best Practices Chair, VoIP Security Alliance

Chair, Product Security Team, Mitel Corporation

Co-host, Blue Box: The VoIP Security Podcast

Email: dan_york@mitel.com

Jonathan Zar

Secretary & Threat Taxonomy Chair, VoIP Security Alliance

Managing Director, Pingalo

Co-host, Blue Box: The VoIP Security Podcast

Email: jz@ieee.org

Shawn Merdinger

Technical Advisor, VoIP Security Alliance

Independent Security Researcher & Consultant

Email: shawnmer@io.com

Speaker Introduction – Dan York Dan York, CISSP, is Director of IP Technology reporting to the CTO of Mitel Corporation and focused on emerging VoIP technology and VoIP security. As chair of Mitel's Product Security Team, he coordinates the efforts of a cross-functional group to communicate both externally and internally on VoIP security issues, respond to customer inquiries related to security, investigate security vulnerability reports, and monitor security standards and trends. Previously, York served in Mitel Product Management bringing multiple products to market including Mitel's secure VoIP Teleworker Solution in 2003. As Best Practices Chair for the VOIP Security Alliance, York leads the project to develop and document a concise set of industry-wide best practices for security VoIP systems. He is also heading up VOIPSA's move into "social media" with the launch of the Voice of VOIPSA group weblog. Additionally, York is the producer of Blue Box: The VoIP Security Podcast where each week he and co-host Jonathan Zar discuss VoIP security news and interview people involved in the field. His writing can also be found online at his weblog, Disruptive Telephony .

Dan York, CISSP, is Director of IP Technology reporting to the CTO of Mitel Corporation and focused on emerging VoIP technology and VoIP security. As chair of Mitel's Product Security Team, he coordinates the efforts of a cross-functional group to communicate both externally and internally on VoIP security issues, respond to customer inquiries related to security, investigate security vulnerability reports, and monitor security standards and trends. Previously, York served in Mitel Product Management bringing multiple products to market including Mitel's secure VoIP Teleworker Solution in 2003.

As Best Practices Chair for the VOIP Security Alliance, York leads the project to develop and document a concise set of industry-wide best practices for security VoIP systems. He is also heading up VOIPSA's move into "social media" with the launch of the Voice of VOIPSA group weblog. Additionally, York is the producer of Blue Box: The VoIP Security Podcast where each week he and co-host Jonathan Zar discuss VoIP security news and interview people involved in the field.

His writing can also be found online at his weblog, Disruptive Telephony .

Speaker Introduction – Jonathan Zar Jonathan Zar is Secretary and Outreach Chair for VOIPSA, the VoIP Security Alliance, the industry’s global coalition to protect security and privacy in converged media. More than 115 million units of products have now been sold based on technologies created and commercialized under his leadership at companies including Apple Computer. A member of the IEEE, the ACM, the Licensing Executive Society, GABA, CINA and TiE, global associations for entrepreneurs. Jonathan is a recognized authority in creating valuable brands for revenue growth. He is a trusted advisor to venture investors and C-level executives at public corporations.

Jonathan Zar is Secretary and Outreach Chair for VOIPSA, the VoIP Security Alliance, the industry’s global coalition to protect security and privacy in converged media.

More than 115 million units of products have now been sold based on technologies created and commercialized under his leadership at companies including Apple Computer.

A member of the IEEE, the ACM, the Licensing Executive Society, GABA, CINA and TiE, global associations for entrepreneurs.

Jonathan is a recognized authority in creating valuable brands for revenue growth. He is a trusted advisor to venture investors and C-level executives at public corporations.

Speaker Introduction – Shawn Merdinger Shawn Merdinger is a independent security researcher and consultant based in Austin Texas, USA and expert in VoIP. Shawn has prior corporate experience on major projects working with with Cisco Systems' STAT and TippingPoint. His research in VoIP security has led to multiple CVE vulnerabilities, several international security conferences, and involvement as a Technical Advisor with VOIPSA, the Voice Over IP Security Association, and other organizations.

Shawn Merdinger is a independent security researcher and consultant based in Austin Texas, USA and expert in VoIP.

Shawn has prior corporate experience on major projects working with with Cisco Systems' STAT and TippingPoint.

His research in VoIP security has led to multiple CVE vulnerabilities, several international security conferences, and involvement as a Technical Advisor with VOIPSA, the Voice Over IP Security Association, and other organizations.

Agenda The Challenge of VoIP Security Understanding VoIP Security Threats VoIP Security Best Practices Tools, Contacts, Help Summary VoIP Security Tools VoIP Security Best Practices Resources Questions / Answers

The Challenge of VoIP Security

The Implications are Clear Privacy Compliance Cost Avoidance Availability Business Continuity Confidence Mobility

The Noise is Deafening

The Problem is Complex Databases Directories E-mail Systems Web Servers Operating Systems Firewalls Desktop PCs Voice over IP Network Switches Wireless Devices PDAs PSTN Gateways Instant Messaging Standards Internet

VoIP Is More Than IP Telephony VoIP means more than low cost telephony … more than: VOICE + IP Market Concept vs. Technology Technology MUCH broader than popular understanding Enabling Technology Diffusing Rapidly - Bit streams are democratic, they can carry anything - Bundling and triple-play are only interim steps - Research informs future threats to both security and privacy Source: Pingalo

VoIP means more than low cost telephony

… more than: VOICE + IP

Market Concept vs. Technology

Technology MUCH broader than popular understanding

Enabling Technology Diffusing Rapidly

- Bit streams are democratic, they can carry anything

- Bundling and triple-play are only interim steps

- Research informs future threats to both security and privacy

Technology Underneath Mobile and Wireless Source: Pingalo

Into The Core Network Source: 3G Americas, Pingalo

Key Market Inhibitors Parity With PSTN Network Availability Network Performance End-point Security Feature and Service Reliability E911 – fire, ambulance, police Emergency Power Universal Access Consistent Billing, Tariff Regulation Public Confidence in Security and Privacy Source: Pingalo

Parity With PSTN

Network Availability

Network Performance

End-point Security

Feature and Service Reliability

E911 – fire, ambulance, police

Emergency Power

Universal Access

Consistent Billing, Tariff Regulation

Public Confidence in Security and Privacy

Social Model Social Policy Fairness Privacy Privilege Social Responsibility Model: Intention + Impact Social Issues Misrepresentation False: Identity, Authority, Rights, Content Unwanted Conduct and Bypassing Refused Consent Harassment, Extortion, Obscenity, Other Unsolicited Communication Theft of Services Source: Pingalo

Social Policy

Fairness

Privacy Privilege

Social Responsibility Model: Intention + Impact

Social Issues

Misrepresentation

False: Identity, Authority, Rights, Content

Unwanted Conduct and Bypassing Refused Consent

Harassment, Extortion, Obscenity, Other Unsolicited Communication

Theft of Services

Global Approach to Privacy US First to Regulate But Limited to Fair Use Originating in 1960’s first regulation of credit databases (A. Weston) Based on commercial due process Pro-business but gives public certain rights Usually Sector Specific Regulation Addresses abuses in certain industries Or public fears of abuse, but industry specific Examples: financial services, telecommunications, databases EU Approach Is Broader [opt-in vs. opt-out] Asia Approach Mid-way Between US and EU Source: Pingalo

US First to Regulate But Limited to Fair Use

Originating in 1960’s first regulation of credit databases (A. Weston)

Based on commercial due process

Pro-business but gives public certain rights

Usually Sector Specific Regulation

Addresses abuses in certain industries

Or public fears of abuse, but industry specific

Examples: financial services, telecommunications, databases

EU Approach Is Broader [opt-in vs. opt-out]

Asia Approach Mid-way Between US and EU

Global VoIP Regulatory Issues Emergency Services End-points and system have stand-by-power Number to call for emergency response Universal Access Subsidized rates for lower income Fund (tax) to pay for subsidy Government support (laws, funding) for inclusive infrastructure Non-discrimination Competitive peering (CLEC vs. ILEC) Neutrality on carriage (net neutrality) Caller identification Common numbering plans Confidentiality and Exceptions Source: Pingalo

Emergency Services

End-points and system have stand-by-power

Number to call for emergency response

Universal Access

Subsidized rates for lower income

Fund (tax) to pay for subsidy

Government support (laws, funding) for inclusive infrastructure

Non-discrimination

Competitive peering (CLEC vs. ILEC)

Neutrality on carriage (net neutrality)

Caller identification

Common numbering plans

Confidentiality and Exceptions

CALEA and EU data retention FCC August 2004 ruling (upheld on appeal) requires VoIP providers that offer a substitute service for traditional telephone service to comply with the Communications Assistance for Law Enforcement Act (CALEA). Does not address the issue of encryption which is allowed subject to export control e.g. Wassenaar Arrangement. Directive 2006/24/EC of the European Parliament and EU Council, (clarifying Directive 2002/58/EC) specifies 15 September 2007 as the deadline to enact laws mandating that all publicly available electronic communications services and networks retain: identity of telephone and internet services used by parties The name and address of all subscribers and users, essentially all parties name and address IP numbers used in the communications date and time of log-in and log-off of the IP, IPT, and email services date, time, and duration of all calls called, calling, and routed numbers of all parties user ID and telephone numbers on the PSTN for mobile the IMSI and IMEI of all parties location data (time and place by all Cell IDs) in a mobile call Source: Pingalo

FCC August 2004 ruling (upheld on appeal) requires VoIP providers that offer a substitute service for traditional telephone service to comply with the Communications Assistance for Law Enforcement Act (CALEA).

Does not address the issue of encryption which is allowed subject to export control e.g. Wassenaar Arrangement.

Directive 2006/24/EC of the European Parliament and EU Council, (clarifying Directive 2002/58/EC) specifies 15 September 2007 as the deadline to enact laws mandating that all publicly available electronic communications services and networks retain:

identity of telephone and internet services used by parties

The name and address of all subscribers and users, essentially all parties name and address

IP numbers used in the communications

date and time of log-in and log-off of the IP, IPT, and email services

date, time, and duration of all calls

called, calling, and routed numbers of all parties

user ID and telephone numbers on the PSTN

for mobile the IMSI and IMEI of all parties

location data (time and place by all Cell IDs) in a mobile call

What is the Industry Doing to Help? Security Vendors “ The Sky Is Falling!” (Buy our products!) VoIP Vendors “ Don’t Worry, Trust Us!” (Buy our products!)

Voice Over IP Security Alliance (VOIPSA) www.voipsa.org – 100 members from VoIP and security industries VOIPSEC mailing list – www.voipsa.org/VOIPSEC/ “ Voice of VOIPSA” Blog – www.voipsa.org/blog Blue Box: The VoIP Security Podcast – www.blueboxpodcast.com VoIP Security Threat Taxonomy Best Practices Project underway now LEGEND Classification Taxonomy of Security Threats Security Research Best Practices for VoIP Security Security System Testing Outreach Communication of Findings Market and Social Objectives and Constraints Published Active Now Ongoing

www.voipsa.org – 100 members from VoIP and security industries

VOIPSEC mailing list – www.voipsa.org/VOIPSEC/

“ Voice of VOIPSA” Blog – www.voipsa.org/blog

Blue Box: The VoIP Security Podcast – www.blueboxpodcast.com

VoIP Security Threat Taxonomy

Best Practices Project underway now

VoIP Security & Privacy

Security concerns in telephony are not new… Image courtesy of the Computer History Museum

Nor are our attempts to protect against threats… Image courtesy of Mike Sandman – http://www.sandman.com/

12 Years of Automated Attacks

Current Major Threats Interruption of Service Non-VoIP specific (UDP..) VoIP specific (INVITE..) Malformed Packets / Fuzzing End-point specific Unlawful Interception General Methods – Packet Capture / Replay Unauthorized Modification Social Attacks Spit Phishing Service Abuse and Toll Fraud

Interruption of Service

Non-VoIP specific (UDP..)

VoIP specific (INVITE..)

Malformed Packets / Fuzzing

End-point specific

Unlawful Interception

General Methods – Packet Capture / Replay

Unauthorized Modification

Social Attacks

Spit

Phishing

Service Abuse and Toll Fraud

Security Aspects of IP Telephony Media / Voice PSTN Call Control TCP/IP Network Manage ment Policy

The Media Path Example Threats: Eavesdropping – particularly if over wireless or open Internet (sniffing) Degraded voice quality through Denial of Service (DoS) attack PSTN Private Enterprise IP Network Internet IP phones Application Servers SOHO IP phones Softphone Call Controller Real-Time Protocol (RTP) Packets TDM IP Policy 802.11 wireless PSTN Call Control TCP/IP Network Manage ment Media / Voice

Example Threats:

Eavesdropping – particularly if over wireless or open Internet (sniffing)

Degraded voice quality through Denial of Service (DoS) attack

The Signalling Path Example Threats: Denial of Service Impersonation Snooping account codes Toll fraud PSTN Internet IP phones Application Servers SOHO IP phones Softphone Call Controller SIP, H.323, Proprietary Private Enterprise IP Network Policy 802.11 wireless PSTN Media / Voice TCP/IP Network Manage ment Call Control

Example Threats:

Denial of Service

Impersonation

Snooping account codes

Toll fraud

The Management Path Example Threats: Snooping passwords Denial of service Application Impersonation Monitoring call patterns Malicious system modifications PSTN Internet Remote Service Call Controller Examples – Telnet, HTTP, FTP, SNMP, XML, TAPI Application Server System Admin NMS System Remote Service Enterprise IP Network Policy PSTN Media / Voice Call Control TCP/IP Network Manage ment

Example Threats:

Snooping passwords

Denial of service

Application Impersonation

Monitoring call patterns

Malicious system modifications

PSTN and Legacy Devices Threats: Toll fraud via public network attack Impersonation Feature access PSTN Internet IP phones Application Servers SOHO Softphone Analog LS, ISDN, Q.SIG, DPNSS Analog Gateway Analog to IP media and signaling conversion Existing PBX Call Controller Private Enterprise IP Network Policy 802.11 wireless Media / Voice Call Control TCP/IP Network Manage ment PSTN

Threats:

Toll fraud via public network attack

Impersonation

Feature access

New Infrastructure Including: The Network Devices on the Network Endpoint Devices Policy Media / Voice Call Control Manage ment PSTN TCP/IP Network

Including:

The Network

Devices on the Network

Endpoint Devices

What about SPIT? (“SPam over Internet Telephony”) Makes for great headlines, but not yet a significant threat Fear is script/tool that: Iterates through calling SIP addresses: [email_address] , [email_address] , … Opens an audio stream if call is answered (by person or voicemail) Steals VoIP credentials and uses account to make calls Reality is that today such direct connections are generally not allowed This will change as companies make greater use of SIP trunking and/or directly connect IP-PBX systems to the Internet (and allow incoming calls from any other IP endpoint) Until that time, Telemarketers have to initiate unsolicited calls through the PSTN to reach their primary market: slows them down and adds cost SPAM

Makes for great headlines, but not yet a significant threat Fear is script/tool that:

Iterates through calling SIP addresses:

[email_address] , [email_address] , …

Opens an audio stream if call is answered (by person or voicemail)

Steals VoIP credentials and uses account to make calls

Reality is that today such direct connections are generally not allowed

This will change as companies make greater use of SIP trunking and/or directly connect IP-PBX systems to the Internet (and allow incoming calls from any other IP endpoint)

Until that time, Telemarketers have to initiate unsolicited calls through the PSTN to reach their primary market: slows them down and adds cost

VoIP Security Tools

Tools to test or attack VoIP systems Lists of VoIP security tools now becoming available Test/defend? Or attack? (Depends upon your perspective) Lists: VOIPSA: http://www.voipsa.org/Resources/tools.php Hacking Exposed VoIP: http://www.hackingvoip.com/tools.html Top 100 Network Security Tools - http://sectools.org/

Lists of VoIP security tools now becoming available

Test/defend? Or attack? (Depends upon your perspective)

Lists:

VOIPSA: http://www.voipsa.org/Resources/tools.php

Hacking Exposed VoIP: http://www.hackingvoip.com/tools.html

Top 100 Network Security Tools - http://sectools.org/

VoIP Sniffing Tools pcapsipdump Oreka NetDude

VoIP Endpoint Scanning/Enumeration Tools SIP Forum Test Framework (SFTF) SIP-Scan SIPScan enumIAX

VoIP DoS/Flooding Tools kphone-ddos INVITE Flooder IAX Flooder RTP Flooder BYE Teardown SIP-Kill SIP-Proxy-Kill CheckSync Phone Rebooter

VoIP Fuzzing/Protocol Manipulation Tools BYE Teardown ohrwurm RedirectPoison Registration Hijacker Registration Eraser

Other... Um... “interesting” tools Spitter RTP InsertSound SIP-Send-Fun RTP MixSound and........

Best Practices to Secure VoIP Systems

First objective is to employ best practices and plug the obvious holes…

Security Challenges … CIA C onfidentiality Protect the voice and data stream including call control signaling Prevent eavesdropping on conversations, toll fraud, impersonation I ntegrity Ensure that information is protected from unauthorized modification Prevent discovery of a user, system or application password A vailability Ensure that communication services are available to users Avoid any adverse effects resulting from a denial of service (DoS) attack or computer worm Others Authentication Authorization Accounting / Audit Trail Nonrepudiation Confidentiality Integrity Availability

C onfidentiality

Protect the voice and data stream including call control signaling

Prevent eavesdropping on conversations, toll fraud, impersonation

I ntegrity

Ensure that information is protected from unauthorized modification

Prevent discovery of a user, system or application password

A vailability

Ensure that communication services are available to users

Avoid any adverse effects resulting from a denial of service (DoS) attack or computer worm

Others

Authentication

Authorization

Accounting / Audit Trail

Nonrepudiation

The Media Path Threats: Eavesdropping – particularly if over wireless or open Internet (sniffing) Degraded voice quality through Denial of Service (DoS) attack Defense Strategies: Encryption of voice path WPA, WPA2 for wireless VLANs Packet filtering PSTN Private Enterprise IP Network Internet IP phones Application Servers SOHO IP phones Softphone Call Controller Real-Time Protocol (RTP) Packets TDM IP Policy 802.11 wireless PSTN Call Control TCP/IP Network Manage ment Media / Voice

Threats:

Eavesdropping – particularly if over wireless or open Internet (sniffing)

Degraded voice quality through Denial of Service (DoS) attack

Defense Strategies:

Encryption of voice path

WPA, WPA2 for wireless

VLANs

Packet filtering

The Signalling Path Threats: Denial of Service Impersonation Snooping account codes Toll fraud Defense Strategies: Signalling path encryption Encrypted phone software loads Proper system programming PSTN Internet IP phones Application Servers SOHO IP phones Softphone Call Controller SIP, H.323, Proprietary Private Enterprise IP Network Policy 802.11 wireless PSTN Media / Voice TCP/IP Network Manage ment Call Control

Threats:

Denial of Service

Impersonation

Snooping account codes

Toll fraud

Defense Strategies:

Signalling path encryption

Encrypted phone software loads

Proper system programming

The Management Path Threats: Snooping passwords Denial of service Application Impersonation Monitoring call patterns Malicious system modifications Defense Strategies: DoS defenses in network infrastructure Changing default passwords Strong password management Ensure physical security Authentication – secure port access Secure Socket Layer (SSL) Audit logs PSTN Internet Remote Service Call Controller Examples – HTTP, SSH, Telnet, FTP, SNMP, XML, TAPI Application Server System Admin NMS System Remote Service Enterprise IP Network Policy PSTN Media / Voice Call Control TCP/IP Network Manage ment

Threats:

Snooping passwords

Denial of service

Application Impersonation

Monitoring call patterns

Malicious system modifications

Defense Strategies:

DoS defenses in network infrastructure

Changing default passwords

Strong password management

Ensure physical security

Authentication – secure port access

Secure Socket Layer (SSL)

Audit logs

PSTN and Legacy Devices Threats: Toll fraud via public network attack Impersonation Feature access Defense Strategies: Class of Restriction (COR) Class of Service (COS) Account Codes Trunk Restrictions Interconnect Restrictions PSTN Internet IP phones Application Servers SOHO Softphone Analog LS, ISDN, Q.SIG, DPNSS Analog Gateway Analog to IP media and signaling conversion Existing PBX Call Controller Private Enterprise IP Network Policy 802.11 wireless Media / Voice Call Control TCP/IP Network Manage ment PSTN

Threats:

Toll fraud via public network attack

Impersonation

Feature access

Defense Strategies:

Class of Restriction (COR)

Class of Service (COS)

Account Codes

Trunk Restrictions

Interconnect Restrictions

Other Best Practices Network Networks should be evaluated for readiness to carry VoIP traffic. Secure mechanisms should be used for traversal of firewalls. Phone Sets Set software loads should be encrypted and tamper-proof. Sets should run the minimum of services required. Connection of a set to the system must require an initial authentication and authorization. Servers Servers should be incorporated into appropriate patch management and anti-virus systems. Sufficient backup power should be available to maintain operation of telephony devices (and necessary network infrastructure) in the event of a power failure. Wireless All wireless devices should implement WPA and/or WPA2 versus WEP. Policy Media / Voice Call Control Manage ment PSTN TCP/IP Network

Network

Networks should be evaluated for readiness to carry VoIP traffic.

Secure mechanisms should be used for traversal of firewalls.

Phone Sets

Set software loads should be encrypted and tamper-proof.

Sets should run the minimum of services required.

Connection of a set to the system must require an initial authentication and authorization.

Servers

Servers should be incorporated into appropriate patch management and anti-virus systems.

Sufficient backup power should be available to maintain operation of telephony devices (and necessary network infrastructure) in the event of a power failure.

Wireless

All wireless devices should implement WPA and/or WPA2 versus WEP.

VOIPSA Best Practices Project Objective Objective: “ This project aims to define a common set of industry-wide ‘best practices’ for securing VoIP systems against the threats outlined in the Threat Taxonomy. While specific practices will vary according to vendor and architecture, the document created by this group will provide an overall view of how best to secure VoIP systems. ” A common document that we all can use and supplement with our own materials. Audience: End customers trying to understand how best to secure their systems. System administrators, technicians and others looking to enter into working with VoIP systems. Press/media whom we can show that VoIP systems can be secured. http://www.voipsa.org/Activities/bestpractices.php

Objective:

“ This project aims to define a common set of industry-wide ‘best practices’ for securing VoIP systems against the threats outlined in the Threat Taxonomy. While specific practices will vary according to vendor and architecture, the document created by this group will provide an overall view of how best to secure VoIP systems. ”

A common document that we all can use and supplement with our own materials.

Audience:

End customers trying to understand how best to secure their systems.

System administrators, technicians and others looking to enter into working with VoIP systems.

Press/media whom we can show that VoIP systems can be secured.

http://www.voipsa.org/Activities/bestpractices.php

VOIPSA Best Practices Project How You Can Help Join the mailing list http://voipsa.org/mailman/listinfo/bestpractices_voipsa.org Visit the Wiki and comment on proposed best practices http://wiki.voipsa.org/tiki-index.php?page=BestPracticesHome Contribute your own best practices or to the text around practices already listed As in the Threat Taxonomy, contributors will be credited in the final product Encourage your staff and others to review the web site and documents Promote the best practices project where you can

Join the mailing list

http://voipsa.org/mailman/listinfo/bestpractices_voipsa.org

Visit the Wiki and comment on proposed best practices

http://wiki.voipsa.org/tiki-index.php?page=BestPracticesHome

Contribute your own best practices or to the text around practices already listed

As in the Threat Taxonomy, contributors will be credited in the final product

Encourage your staff and others to review the web site and documents

Promote the best practices project where you can

Resources

Security Links VoIP Security Alliance - http://www.voipsa.org Threat Taxonomy - http://www.voipsa.org/Activities/taxonomy.php VOIPSEC email list - http://www.voipsa.org/VOIPSEC/ Weblog - http://www.voipsa.org/blog/ Security Tools list - http://www.voipsa.org/Resources/tools.php Blue Box: The VoIP Security Podcast - http://www.blueboxpodcast.com/ NIST “Security Considerations for VoIP Systems” http://csrc.nist.gov/publications/nistpubs/800-58/SP800-58-final.pdf Network Security Tools http://www.sectools.org/ Hacking Exposed VoIP site and tools http://www.hackingvoip.com/

VoIP Security Alliance - http://www.voipsa.org

Threat Taxonomy - http://www.voipsa.org/Activities/taxonomy.php

VOIPSEC email list - http://www.voipsa.org/VOIPSEC/

Weblog - http://www.voipsa.org/blog/

Security Tools list - http://www.voipsa.org/Resources/tools.php

Blue Box: The VoIP Security Podcast - http://www.blueboxpodcast.com/

NIST “Security Considerations for VoIP Systems”

http://csrc.nist.gov/publications/nistpubs/800-58/SP800-58-final.pdf

Network Security Tools

http://www.sectools.org/

Hacking Exposed VoIP site and tools

http://www.hackingvoip.com/

Q&A www.voipsa.org