Per Jessen wrote:
Two risks -
1) the SIP sign-on (userid+password) is, AFAIK, not encrypted, so it could be intercepted, giving someone access to use our internal system. 2) brute force attack trying to guess the password. It is easily countered, but we had a case last year where someone managed to guess a SIP userid+password. It meant a slightly higher phone-bill that month:-)
Those problems have existed for years and are not unique to VoIP. Many companies have discovered large long distance bills when someone found out how to access their trunks. Last I heard, touch tones aren't encrypted either, so it's easy enough for someone to capture the dialed digits. Touch tone decoder chips are readily available. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org