May 18th, 2005

Pundit: Stop your VoIP installation now!! To which I reply ...

Posted by Russell Shaw @ 1:04 am

Categories: General, Security

Tags:

I respect David Coursey. He’s an IT consultant, author and commentator of long standing.

Still, my eyes popped a bit when I read his latest piece, which he posted late yesterday.

Let’s Put VoIP on Hold is a plea for IT administrators everywhere in the known universe to not plan any new VoIP installs until VoIP security improves.

You name it: voice spam, privacy violations, all sorts of hacking.

Coursey wrote the article after moderating a VoIP security panel that included a VoIP vendor, a VoIP Security Alliance official, and the estimable Wayne Rash, whose columns about VoIP security risks for eWeek hold true to the descriptive imagery of his given surname.

The article really sounds like Coursey is trying hard not to be freaked. But I will tell you this. He sounds freaked.

But then consider this: it is the job of security folks to make us feel fear, and by doing so, make the case for their solutions.

It’s how we deal with fear that is the key psychometric here. I remember my then-girlfriend, in the weeks right after 9-11-01, quivering that Osama was gonna nuke New York because some breathless commentator on a cable network named after a canid posited that strong possibility.

A good way to manage this fear, I’ve told some people, is to distinguish the difference between what can happen from what will happen.

Sure, VoIP has some security vulnerabilities. But statistically speaking, what is the proporionate risk?

Do you agree with me or Dave Coursey? TalkBack to me on this one.