[VoiceOps] PCI Compliance and VoIP

Jay Hennigan jay at west.net
Thu Oct 20 22:55:22 EDT 2011


On 10/20/11 6:07 AM, Hiers, David wrote:
> I've no doubt that they are correct; card information encapsulated in a codec needs to be encrypted over unsecure networks, which includes the Internet.
> 
> We can safely assume that they are in contact with the PCI standards people, and getting advice from other PCI compliant entities. 

But is not the analog/TDM PSTN also a public, insecure, unencrypted
network?  What's more difficult, tapping an analog phone line with a
simple recorder coupler from Rat Shack or intercepting a specific RTP
stream over a random route mixed in with gigabytes of pornography and
other assorted cruft?

It boggles how people who think nothing about using cordless phones are
so paranoid about VoIP security over the Internet.

--
Jay Hennigan - CCIE #7880 - Network Engineering - jay at impulse.net
Impulse Internet Service  -  http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV


More information about the VoiceOps mailing list