Sign up
 Vonage  

       
 
Vonage Forum Menu

Vonage Forums
Vonage VoIP Forum
tplink Posted:
Im trying to add
my HT802 vonage
adapter to my home
network. I
currently have
...

In The Forum:
Hard Wiring - Installation
Topic:
Vonage behind switch
On Dec 05, 2016 at 06:35:11

DWSupport Posted:
After recent
Vonage update that
took place on the
4th and 5th of
Nov. E-mails with
...

In The Forum:
Vonage
Topic:
Voicemail Not Forwarding to Outlook Accounts
On Nov 10, 2016 at 12:23:26

peterlee Posted:
Had a call from a
Hospital in Ajax,
Ontario to my home
in
Scarborough, Onta
rio
...

In The Forum:
Vonage Canada
Topic:
Hospital Incoming call unable to connect
On Nov 08, 2016 at 11:59:50

TELLDOUG Posted:
I am looking for a
product that will
make my phone ring
louder so I can
hear using
...

In The Forum:
Vonage
Topic:
Looking for a ringer ameliorate
On Oct 26, 2016 at 09:21:30

HildBeft Posted:
You can recollect
password by
connecting the
router to your pc
and open the
browser
...

In The Forum:
Hard Wiring - Installation
Topic:
How to arrive at wifi password?
On Oct 20, 2016 at 05:05:49

HildBeft Posted:
Great tips..
Thanks for sharing
...

In The Forum:
Hard Wiring - Installation
Topic:
How to have Vonage and another land line?
On Oct 20, 2016 at 04:55:03

massrman Posted:
The devices are
available at
different price
margins , please
share your
estimated
...

In The Forum:
Vonage
Topic:
IP PBX for small business
On Sep 30, 2016 at 00:48:03

massrman Posted:
Hi these are most
commonly used SIP
PBX interops and
their
configuration
guides,
...

In The Forum:
Vonage
Topic:
IP PBX for small business
On Sep 30, 2016 at 00:37:45

Sammy00 Posted:
Has anyone setup a
W52p phone for
vonage? I have
a W52p with two
wireless handsets,
...

In The Forum:
Hard Wiring - Installation
Topic:
W52p Setup
On Aug 30, 2016 at 10:38:01

James44 Posted:
Hi, I am
looking for a good
Sip Trunking
provider in
Canada. they
should offer
...

In The Forum:
Vonage
Topic:
A good sip trunking provider
On Jul 17, 2016 at 23:42:46


Vonage VoIP Forums

Vonage In The News
Vonage Holdings Corp. Reports Fourth Quarter and Full Year 2013 Results

Carolyn Katz Elected to Board of Directors of Vonage Holdings Corp.

Syndication

Vonage Customer Reviews
Vonage vs. Time Warner Cable SoCal
Vonage vs. Time Warner Cable SoCal



Vonage UK Review
Vonage UK Review



Vonage Pros and Cons for 2006
Vonage Pros and Cons for 2006



Vonage, a VT2142 and a RTP300, My Experiences - A Detailed Review
Vonage, a VT2142 and a RTP300, My Experiences - A Detailed Review



Salt Lake City: impressions after several months
Salt Lake City: impressions after several months




Vonage Reviews


Post new topic   Reply to topic  Vonage® VoIP Forum - Vonage News, Reviews And Discussion » Vonage Forum Archive
Author Message
ToddlerTN
Vonage Forum Evangelist
Vonage Forum Evangelist


Joined: Feb 12, 2005
Posts: 482
Location: Nashville, TN

PostPosted: Mon Mar 28, 2005 12:50 pm    Post subject: Reply with quote Back to top

I don't think anyone is saying don't be concerned about privacy or security in general. But this specific fear--that someone will be able to capture your Voip packets, reassemble all of your calls and extract your credit card numbers from those conversations--probably belongs at the bottom of any practical list of privacy/security concerns.

_________________
Comcast 6/768
Vonage customer since 01/05
RT31P2 running behind WRT54G w/Sveasoft Alchemy-V1.0 v3.37.6.8sv
View user's profile Send private message
rebus
Vonage Forum Evangelist
Vonage Forum Evangelist


Joined: Dec 04, 2004
Posts: 448
Location: Tampa Bay

PostPosted: Mon Mar 28, 2005 9:23 pm    Post subject: Reply with quote Back to top

ToddlerTN wrote:
I don't think anyone is saying don't be concerned about privacy or security in general. But this specific fear--that someone will be able to capture your Voip packets, reassemble all of your calls and extract your credit card numbers from those conversations--probably belongs at the bottom of any practical list of privacy/security concerns.

It depends who you ask, and it's not just credit card info. It's any subject considered private. Personal matters, banking information, business plans-- pretty much anything you wouldn't stand on the street corner and tell the world. This whole issue is fairly easy to fix, because encrypting network traffic is trivially easy. HTTPS. SFTP. VPN. SSH. RDP-- these are secure protocols we use every day. Run Voip traffic over SRTP instead of RTP, and voila, problem solved and everybody's happy.

 

 
View user's profile Send private message
LuisPR
Vonage Forum Master
Vonage Forum Master


Joined: Oct 08, 2004
Posts: 292

PostPosted: Tue Mar 29, 2005 12:33 am    Post subject: Industry group sets out to make VOIP secure Reply with quote Back to top

Industry group sets out to make Voip secure
Stephen Lawson, IDG News Service

29/03/2005 13:14:49

A group formed to head off Voip (voice over Internet Protocol) security problems laid out its first set of priorities on Monday: setting up a taxonomy to classify threats and establishing the requirements for making Voip secure.

The Voip Security Alliance (VOIPSA), which was established last month and includes Verizon Communications, Nortel Networks, VeriSign, PricewaterhouseCoopers and about 50 other vendors and service providers, also announced its first board of directors.

Initially, the group will set up two committees, according to David Endler, VOIPSA chairman and director of security research at Tipping Point, a 3Com company that sells intrusion prevention gear. One committee will figure out a way to classify threats and the other will define security requirements for Voip equipment and security components, as well as for network architecture and management and user authentication. Armed with the results of these committees, VOIPSA will move on to defining best practices, developing test methodologies, driving research into vulnerabilities and educating the industry and public, Endler said. VOIPSA is not intended as a standards organization but as a vendor-independent resource for the industry, he said.

VOIPSA aims to prevent a common problem with popular new technologies, such as Wi-Fi wireless LANs, in which the technology is quickly adopted and only later does the industry find and address security problems, Endler said.

Potential dangers to Voip include DDOS (distributed denial of service) attacks, voice spam and a form of phishing in which attackers could spoof the phone number of a legitimate caller on a caller ID display, Endler said. The threats are only beginning to emerge, but over time they're likely to proliferate, even getting into the hands of inexperienced hackers known as "script kiddies," he said.

"The same security threats that plague data networks today are inherited by VOIP," Endler said. But the addition of Voip as an application on the network makes those threats even more dangerous, he added. For example, a DDOS attack may slow down someone browsing the Web, but on a Voip network it could prevent 911 calls, he said. "By adding Voip components to your data network, you're also adding new security requirements."

Though the group has a broad roster of equipment vendors, service providers and security companies, major Voip names such as Cisco Systems, Vonage Holdings and chip maker Texas Instruments are not yet members. Those companies all have been invited, Endler said.

Cisco declined the invitation because it's already working on enhancing Voip security through standards organizations such as the Internet Engineering Task Force, International Telecommunication Union and SIP (Session Initiation Protocol) Forum, said Roger Farnsworth, a Cisco product marketing manager. Cisco believes it ships secure Voip systems today and has published its own set of guidelines for implementing secure IP telephony as part of the Cisco SAFE Blueprint series, he said.

"We thought it would be redundant to join another group that is addressing these problems," Farnsworth said. "If they specify activities that are in the interests of the industry and aligned with Cisco's interests, we'll be the first to line up," he added.

IDC Voip analyst William Stofega is cautiously optimistic about the alliance.

"I think they have enough critical mass between carriers and vendors that it should provide enough momentum to solve some of the outstanding problems," Stofega said. However, the addition of more service providers and a dominant company such as Cisco or Microsoft Corp. would help, he added.

Other major threats to Voip networks include spam calling, tapping into calls and denial of service, Stofega said.

One frequently overlooked area that should be addressed in VOIPSA's guidelines is physical security for server rooms, Stofega said. An attacker who gets access to a server can wreak havoc, and the results could be especially devastating if that server is running a company's phone calls, he said.
http://www.computerworld.com.au/pp.php?id=126733506&fp=16&fpid=0
View user's profile Send private message
mohrds
Vonage Forum Junior
Vonage Forum Junior


Joined: Apr 05, 2005
Posts: 34

PostPosted: Thu Apr 14, 2005 10:50 am    Post subject: Reply with quote Back to top

Just because there is a low statistical chance of it happening, doesn't mean that Voip carriers shouldn't perform Due Diligence when deciding security policies.

Being a technology security consultant for the financial industry, I deal with these kind of issues every day. It is absolutely scary to see how many companies take lackadaisical approaches to information security. It is cheaper to recover from a few exposures than to invest in preventing it. It is an awful policy.

Consumers are given a false sense of security due to advertisements where a company uses security buzz words to describe its offerings.

Unfortunately, no Voip provider is going to invest in secure communication until people demand it. So if everyone demands it and talks about it often, they will look at the market demand and act accordingly.

Doug
View user's profile Send private message AIM Address Yahoo Messenger
Skyla
New Forum Member
New Forum Member


Joined: Apr 22, 2005
Posts: 1

PostPosted: Fri Apr 22, 2005 6:35 pm    Post subject: Reply with quote Back to top

Just a side note to the lack of security. Okay one does not give out credit card or other account numbers on the phone but just idle chatter. How often have you talked about going some where and for how long. Mention you just bought something.

How often has your child talked on the phone and told their friends what they are wearing and where they are going. All seems none interesting.

Now what can someone do with such information. Well if you are planning a weekend away and you call to tell some one you will be away for the weekend. Someone may find that your house is now vacant and when you come back your house will be empty.

Or something that concerns me, a daughter says se is going to the park for the day and she is wearing her favorite shirt that says kiss me. And some one finds the phone number and then checks the address and then goes to the park and then the police come and visit my house when she doesn't return.

Idle chatter can be just as dangerous and just because it is not a problem now, doesn't mean it won't happen in the future.

The difference between POTS and Voip is ease of availabilty for the information being passed. One has to find the actualy wire to connect to versus a continuous search for unencrypted traffic by a machine.

Nothing is totaly secure but most of us still lock our doors just incase.

Skyla
View user's profile Send private message
libove
Vonage Forum Associate
Vonage Forum Associate


Joined: Apr 27, 2004
Posts: 17
Location: Barcelona, Spain

PostPosted: Sat Apr 23, 2005 8:50 pm    Post subject: I got a Vonage rep to send an email indemnifying me Reply with quote Back to top

When I first signed up with Vonage, being one of them (ISC)2 CISSP types, I asked Vonage about their security intentions. Of course I got the ignorant customer service party line about it being secure.

So I asked them to send me an email saying that I'd be indemnified against all losses occurring as a result of a security breach on the part of Vonage's unsecured Voip service... and they did.

Not worth much, of course, since customer service reps aren't usually given the authority to bind a company to that kind of thing, but, hey, if someone's Vonage service actually gets hacked and they suffer a loss (even just calls billed to them that they didn't make), drop me a line, I'll send you a copy of the email so you can hand it to your lawyer as some degree of evidence that Vonage was deliberately failing its security due diligence :)

-Jay
Atlanta
View user's profile Send private message
jmpage2
Vonage Forum Junior
Vonage Forum Junior


Joined: Feb 22, 2005
Posts: 36

PostPosted: Sat Apr 23, 2005 9:27 pm    Post subject: Reply with quote Back to top

The primary challenge for Vonage is that doing encryption/decryption of the RTP stream induces some additional latency in the transmission time (up to 10-20ms per encrypt/decrypt DSP operation) and it also requires a faster processor in the router to handle the encryption.

As far as the signalling goes, secure SIP is a pretty good standard and there's probably little reason that Vonage could not support it, although I think Vonage uses all Cisco gear in their core and I'm not sure if Cisco even supports SSIP yet (I work for a large competitor of Cisco in the Voip space and we have security as we have a lot of military/govt accounts that require it).

As others have said, it would be extremely easy to build an ethereal filter that simply looks for one of several hundred bank phone numbers as the dialed number in that section of the SIP initiate message, then the sniffer dumps all the packets into a file. Then the hacker plays them back and writes down the credit card numbers, last four digits of your social, etc.

Believe me, this is a big deal and there are some very smart people with too much time on their hands who are already looking at ways to do this to compromise your identity.

Vonage should be taking this very seriously, it's definitely "worth someone's time" to spend a few weeks putting a scanner together if it nets them several hundred CC#s or enough information to steal someone's identity.
View user's profile Send private message
Michael545
Full Forum Member
Full Forum Member


Joined: Mar 14, 2005
Posts: 47
Location: Los Angeles

PostPosted: Sun Apr 24, 2005 6:48 am    Post subject: Reply with quote Back to top

ToddlerTN said:

Quote:
I don't think anyone is saying don't be concerned about privacy or security in general. But this specific fear--that someone will be able to capture your Voip packets, reassemble all of your calls and extract your credit card numbers from those conversations--probably belongs at the bottom of any practical list of privacy/security concerns.


I agree completely. Even if someone DOES get my credit card number, I personally don't give a damn. My liability (at least in the US) is limited to 50 bucks, and on the two occasions that someone did get a number of mine, the CC company didn't even bother.

This whole thing strikes me as a non-issue, especially in light of the fact that NSA computers listen to every single POTS line call made in the US - and probably elsewhere.

I don't know what some of you people are up to, but whatever it is, don't do it on a phone of any kind if you are that worried about it.

There is no such thing as privacy.
View user's profile Send private message
libove
Vonage Forum Associate
Vonage Forum Associate


Joined: Apr 27, 2004
Posts: 17
Location: Barcelona, Spain

PostPosted: Sun Apr 24, 2005 7:29 am    Post subject: Practical security concerns of VoIP Reply with quote Back to top

Since quite a few people have replied to this thread saying that they're not worried about someone reassembling their voice conversations and stealing their credit card numbers, I'd like to propose some more practical concerns about Voip insecurity.

1. That someone will co-opt the identity of your Voip adaptor and make lots of phone calls on your phone bill. Since the service is obviously "secure", you "must" have made those phone calls, and you will be expected to pay for them, right? Note that while domestic phone calls are cheap, there are still some international calls which cost real money even through Vonage. Not to mention the ongoing nuisance of having to challenge the fraudulent calls for as long as they keep appearing on your account, possibly forcing you to change your phone number...

2. That someone will use any arbitrary Voip service - not yours in particular - to activate the credit card that they just fraudulently got in your name (or more likely stole out of your physical mailbox) by having their Voip service spoof your home phone number, which is obviously "secure" so you "must" have been the one making the phone call to activate the (stolen) credit card, right? Of course, Voip is only one mechanism by which your home phone number can be spoofed to a credit card activation system. Some mobile phones suffer this problem, and anyone with a PBX can do it too. Still, like many things, it's easiest on the Internet...

3. Someone already mentioned this one, but I'll put it back out here since it is in my list of likely security compromises to be performed care of Voip: Someone targets a business which takes credit card numbers all day long over Voip. The attacker records several days' worth of packets and reassembles the conversations, then listens through those recorded conversations and writes down hundreds of credit cards, maybe yours included. Then in short order all of those credit cards are maxed out with fraudulent purchases. Someone commented that they're not concerned about that because their direct liability is limited to $50 for fraudulent charges on their credit card. That's true. It does not take in to account that every single credit card purchase you make (and for that matter, every singly purchase you make by any means from any merchant which accepts credit cards, unless they charge extra fees only on credit card purchases to cover the processing fees) contains an amount in the credit card processors' fees to cover all of that >$50 liability from fraudulent charges. Did you know that when you buy something with a credit card, anywhere from 0.5% to 7% of your purchase is given up by the store to the credit card processors, issuers, banks &etc in processing fees? And some of every processing fee necessarily goes to cover fraud perpetrated by whomever against all whatever credit cards - not just yours. Nearly every purchase you make is higher because of credit card fraud, because the stores have to raise all of their prices to cover those credit card processing fees, so you should be concerned about anyone's credit card being stolen, not just yours, despite the $50 direct liability cap we all enjoy.

-Jay Libove, CISSP
Atlanta, GA, US
View user's profile Send private message
Michael545
Full Forum Member
Full Forum Member


Joined: Mar 14, 2005
Posts: 47
Location: Los Angeles

PostPosted: Mon Apr 25, 2005 12:02 am    Post subject: Reply with quote Back to top

Jay,

I think that your points 1 and 2 are well-taken and provide food for thought, although, as someone else pointed out, stealing credit card numbers is generally fairly easy to do without having to capture Voip packets (point 2). Simply stealing mail or going through someone's trash, while admittedly low-tech, is much easier and more effective.

Using someone's Vonage number might be more difficult, since most people do not turn their adapters off, the Vonage server uses MAC auth, and I doubt it will auth 2 identical MAC's simultaneously. You would almost need to hack the server to accept an unregistered MAC, which is not impossible but also not easy to do (point 1).

As for your last point - I am convinced that if we could magically eliminate all credit card fraud immediately, that would have no effect whatever on prices or interest rates - the credit card companies are too greedy to ever reduce charges to consumers or merchants.
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


All times are GMT - 5 Hours

Vonage Service Plans


Vonage VoIP Members
Members List Members
New oliviagw11
New Today 7
Yesterday 10
Total 99033

Who Is On Site
Visitors 101
Members 0
Total 101


Vonage VoIP Forum Members:
Login Here
Not a Member? You can Register Here
As a registered member you will have access to the VoIP Speed Test, Vonage Service Announcements and post comments in the
Vonage VoIP Forums

Vonage Stock Price
Value: 6.835
Change:   N/A
Up to 15 Minute Delay

Site Search
 






†AK and HI residents pay $29.95 shipping. ††Limited time offer. Valid for residents of the United States (&DC), 18 years or older, who open new accounts. Offer good while supplies last and only on new account activations. One kit per account/household. Offer cannot be combined with any other discounts, promotions or plans and is not applicable to past purchases. Good while supplies last. Allow up to 2 weeks for shipping. Other restrictions may apply.

1Unlimited calling and other services for all residential plans are based on normal residential, personal, non-commercial use. A combination of factors is used to determine abnormal use, including but not limited to: the number of unique numbers called, calls forwarded, minutes used and other factors. Subject to our Reasonable Use Policy and Terms of Service.

2Shipping and activation fees waived with 1-year agreement. An Early Termination Fee (with periodic pro-rated reductions) applies if service is terminated before the end of the first 12 months. Additional restrictions may apply. See Terms of Service for details.

HIGH SPEED INTERNET REQUIRED. †VALID FOR NEW LINES ONLY. RATES EXCLUDE INTERNET SERVICE, SURCHARGES, FEES AND TAXES. DEVICE MAY BE REFURBISHED. If you subscribe to plans with monthly minutes allotments, all call minutes placed from both from your home and registered ExtensionsTM phones will count toward your monthly minutes allotment. ExtensionsTM calls made from mobiles use airtime and may incur surcharges, depending on your mobile plan. Alarms, TTY and other systems may not be compatible. Vonage 911 service operates differently than traditional 911. See www.vonage.com/911 for details.

** Certain call types excluded.

www.vonage-forum.com is not an official Vonage support website & is independently operated.
All logos and trademarks are property of their respective owners. All comments are property of their posters.
All other www.vonage-forum.com content is © Copyright 2002 - 2013 by 4Sight Media LLC.

Thinking of signing up for Vonage but have questions?
Business and Residential customers can call Toll Free 24 hours a day at: 1-888-692-8074
No Vonage Promotion Code or Coupon Codes are required at www.vonage.com to receive any special,
best Vonage cheap deals, free sign up offers or discounts.

[ | | | | | ]

Vonage Forum Site Maps

Vonage | VoIP Forum | How VoIP Works | Wiring and Installation Page Two | International Rate Plans 2 | Internet Phone
Promotion | Vonage Review | VoIP | Broadband Phone | Free Month | Rebate | Vonnage | Vontage | VoIP | Phone Service
Phone | llamadas ilimitadas a Mexico | Latest News | VoIP Acronyms | Deal | Philippines Globe Phone | Site Maps

The Vonage Forum provides the Vonage sign up Best Offer Promotion Deal.
If you are considering signing up for Vonage and have found our Vonage News, Customer Reviews, Forums
& all other parts of this site useful, please use our Vonage Sign up page.


Vonage VoIP Phone Service is redefining communications by offering consumers
& small business VoIP Internet phones, an affordable alternative to traditional phone service.
The Vonage VoIP Forum Generated This Page In: 1.25 Seconds and 496 Pages In The Last 60 Seconds
The Vonage VoIP Forum