About the SIP Security Book

SIP Security Book Cover

Dear readers,

welcome to the homepage of the SIP Security book published by Wiley .

The topic of security has become rather mysterious over the years, making it difficult to distinguish fact from fiction. Internet service providers are anxious about rolling out new services and the possible negative publicity from potential security gaps. Security advisors, hired to mitigate such concerns, grow their compensation with each new threat they can credibly portray. Even if they make no real point, it is difficult to prove them wrong until an attacker does so. Sometimes one cannot resist remembering a Charlie Chaplin movie in which a window glass replacement service is launched by a teenage boy running down the street and throwing stones in windows. In short, security is a terribly mysterious topic, particularly for emerging new Internet services like SIP.

It is difficult to differentiate the information presented in security product marketing information and hyped articles from actual security threats. That’s further aggravated by the anxiety created by job loss when security incidents actually occur. However, a recent report, 2008 Attacks on VoIP Deployments in Germany, and a private email shared with us in 2007 from a befriended service provider indicate that those concerns are not justified.

Nothing escalates security problems more than misinformation. There are no silver bullets – boxes, consultants or security policies – that can substitute for a thorough understanding of security protocols and concepts. This book provides a solid foundation upon which readers can develop their own opinions. We believe it provides an exhaustive, no-nonsense source of security information and references to the topic.

This supplemental website is designed to provide readers of our book with timely information since developments take place in shorter cycles than book publishing. You will find links to SIP security software, an overview of known attacks, book errata, and more.
We would be grateful if you could provide us with feedback. Please send an e-mail to sipsecurity@iptel.org if you feel there are any aspects we should address in future editions or on this website.

Your authors,
Dorgham, John, Jiri, Ulrich and Henning