Soren Rathje
2005-Jan-08 11:16 UTC
[Asterisk-Users] FYI: NIST issues recommendations for secure VOIP
Following is sharelessly copied from one of the newsgroups I read on grc.com.. /Soren NIST issues recommendations for secure VOIP http://www.gcn.com/vol1_no1/daily-updates/34747-1.html http://csrc.nist.gov/publications/nistpubs/800-58/SP800-58-final.pdf *********************************************************** Quote *********************************************************** The National Institute of Standards and Technology has offered some cautionary advice for offices considering moving their telephone systems to voice over IP. "VOIP introduces both security risks and opportunities," NIST said in a recently released report. "Lower cost and greater flexibility are among the promises of VOIP for the enterprise, but VOIP should not be installed without careful consideration of the security problems introduced." The report, Security Considerations for Voice over IP Systems [1], offers recommendations for using VOIP. According to NIST, the need to logically separate voice and data traffic, provide backup power and ensure business continuity could seriously compromise the promise of a single, inexpensive voice and data network. NIST Special Publication 800-58 is the final version of a draft report published in April by the agency's Computer Security Division. [...] *********************************************************** Unquote *********************************************************** [1]: http://csrc.nist.gov/publications/nistpubs/800-58/SP800-58-final.pdf
Apparently Analagous Threads
- FIPS186-3 and NIST SP800-57 support
- [Bug 2302] with DH-GEX, ssh (and sshd) should not fall back to unconfigured DH groups or at least document this behaviour and use a stronger group
- Can we disable diffie-hellman-group-exchange-sha1 by default?
- ssh-keygen DSA keys longer than 1024 bit
- DH Group Exchange Fallback