Send VoiceOps mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
https://puck.nether.net/mailman/listinfo/voiceops
or, via email, send a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of VoiceOps digest..."
Today's Topics:
1. Re: Network Security Audit (Ryan Delgrosso)
2. Re: Network Security Audit (Daisuke Dgigen)
3. Re: What does an ALG actually do? (Moises Silva)
----------------------------------------------------------------------
Message: 1
Date: Tue, 05 Mar 2013 12:36:02 -0800
From: Ryan Delgrosso <[email protected]>
To: [email protected]
Subject: Re: [VoiceOps] Network Security Audit
Message-ID: <[email protected]>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Dan,
I think you are functionally looking for two different companies.
I have used Accuvant to do general network security audits as well as
focused vulnerability assessments in the past and have been very happy
with them. Their level of understanding about the internet threat space
is very comprehensive and their work is thorough, but companies versed
in doing vulnerability assessments against the normal sorts of threats
will not be accustomed to the types of threats an ITSP faces.
On the voip side the market is much more slim since very few understand
the implications of carrier scale voip on a network, or the regulatory
requirements that come with this space etc. My personal recommendation
on the voip side would be for ECG, Mark Lindsey over there has a firm
grasp of many of the security problems facing a telecom provider these
days.
I've spent far too much time in recent months dealing with these sorts
of topics, so please feel free to ask if you have other questions.
-Ryan
On 03/05/2013 08:54 AM, Dan White wrote:
> I have been asked by management to find options to bring in an external
> auditing company to evaluate our network and provide appropriate
> recommendations.
>
> We are a small telecommunications company looking for firms with
> experience
> in Voice (VoIP) security audits, as well as general security experience
> appropriate for a Broadband ISP, with an internal corporate network.
>
> We're located in the southern US (Oklahoma).
>
> Public and private recommendations are welcomed.
>
> Thank You,
------------------------------
Message: 2
Date: Wed, 6 Mar 2013 15:35:49 +0900
From: Daisuke Dgigen <[email protected]>
To: Dan White <[email protected]>
Cc: [email protected]
Subject: Re: [VoiceOps] Network Security Audit
Message-ID:
<CAGjhALbtfg1F8UGVX8PxZU8T+SGoemzsru=hqukpbqmok7-...@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"
Hello, Dan,
Our company NextGen in Japan provides SIP/VoIP consulting service which
includes audits of vulnerability and security threats.
We've done audit more than 150 systems mainly for telecom carriers, and
vendors.
Unfortunately our website shows audit service only in Japanese for now, so
please see the page here translated into English by Google.
http://translate.google.co.jp/translate?sl=ja&tl=en&js=n&prev=_t&hl=ja&ie=UTF-8&eotf=1&u=http%3A%2F%2Fwww.nextgen.co.jp%2Fsolution%2Fvoip%2Fservice%2Fsipvoip_1.html&act=url
About our company profile;
http://www.nextgen.co.jp/english/
I'll send you English presentation chart directly. Please see and contact
me directly if you have interested more.
Regards,
Daisuke
2013/3/6 Dan White <[email protected]>
> I have been asked by management to find options to bring in an external
> auditing company to evaluate our network and provide appropriate
> recommendations.
>
> We are a small telecommunications company looking for firms with experience
> in Voice (VoIP) security audits, as well as general security experience
> appropriate for a Broadband ISP, with an internal corporate network.
>
> We're located in the southern US (Oklahoma).
>
> Public and private recommendations are welcomed.
>
> Thank You,
> --
> Dan White
> ______________________________**_________________
> VoiceOps mailing list
> [email protected]
> https://puck.nether.net/**mailman/listinfo/voiceops<https://puck.nether.net/mailman/listinfo/voiceops>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://puck.nether.net/pipermail/voiceops/attachments/20130306/a463d256/attachment-0001.html>
------------------------------
Message: 3
Date: Wed, 6 Mar 2013 10:24:43 -0500
From: Moises Silva <[email protected]>
To: Alex Balashov <[email protected]>
Cc: "[email protected]" <[email protected]>
Subject: Re: [VoiceOps] What does an ALG actually do?
Message-ID:
<CAA4nhyA8Fqov_HxWpEOma+=ux+kfo8avjc8oacn-jrzoaz4...@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
On Sat, Mar 2, 2013 at 5:17 PM, Alex Balashov <[email protected]>wrote:
> Correct me if I'm wrong, but last time I looked, Linux's netfilter kernel
> module for SIP, ip_conntrack_sip, still is ignorant of SDP entirely.
>
I just checked the latest stable tree (git://
git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git)
It does parse the SDP finding session/media description rtp/rtcp ports and
it does mangle the UDP packet. See net/netfilter/nf_nat_sip.c, function
process_sdp()
Cheers,
*Moises Silva
**Manager, Software Engineering***
[email protected]
Sangoma Technologies
100 Renfrew Drive, Suite 100, Markham, ON L3R 9R6 Canada
t. +1 800 388 2475 (N. America)
t. +1 905 474 1990 x128
f. +1 905 474 9223
**<http://www.sangoma.com/contact?utm_source=signature&utm_medium=email&utm_campaign=email+signatures>
Products<http://sangoma.com/products?utm_source=signature&utm_medium=email&utm_campaign=email%2Bsignatures>
|
Solutions<http://sangoma.com/solutions?utm_source=signature&utm_medium=email&utm_campaign=email%2Bsignatures>
|
Events<http://sangoma.com/about_us/events?utm_source=signature&utm_medium=email&utm_campaign=email%2Bsignatures>
|
Contact<http://www.sangoma.com/contact?utm_source=signature&utm_medium=email&utm_campaign=email%2Bsignatures>
|
Wiki<http://wiki.sangoma.com/?utm_source=signature&utm_medium=email&utm_campaign=email%2Bsignatures>
|
Facebook<http://www.facebook.com/pages/Sangoma-VoIP-Cards/43578453335?utm_source=signature&utm_medium=email&utm_campaign=email%2Bsignatures>
|
Twitter<http://www.twitter.com/sangoma?utm_source=signature&utm_medium=email&utm_campaign=email%2Bsignatures>`|
|
YouTube<http://www.youtube.com/sangomatechnologies?utm_source=signature&utm_medium=email&utm_campaign=email%2Bsignatures>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://puck.nether.net/pipermail/voiceops/attachments/20130306/4eab7ff0/attachment-0001.html>
------------------------------
_______________________________________________
VoiceOps mailing list
[email protected]
https://puck.nether.net/mailman/listinfo/voiceops
End of VoiceOps Digest, Vol 45, Issue 5
***************************************
