Not wood, money-saving VoIP project

Collapse
This topic is closed.
X
X
 
  • Time
  • Show
Clear All
new posts
  • dbhost
    Slow and steady
    • Apr 2008
    • 9209
    • League City, Texas
    • Ryobi BT3100

    #31
    Over the last year, I have been scrambling to keep up with which ciphers are still considered secure. They are dropping like flies.

    I can't respond much further to your line of discussion without slamming past the ban on politics on the forum aside to say, that it's not the best solution, it's the one that the powers that be like....
    Please like and subscribe to my YouTube channel. Please check out and subscribe to my Workshop Blog.

    Comment

    • Carlos
      Veteran Member
      • Jan 2004
      • 1893
      • Phoenix, AZ, USA.

      #32
      In the internet world, the powers are everyone who can contribute to an RFC, with a little might skewed towards the universities and major providers like Google. They still go through the RFC processes. I think everyone has agreed that SSL and its variants are secure. The banks and government think so anyway.

      Also note that my main point has been that e-mail is simply more secure than fax and many other services. You must agree that sending black and white dots as open network bits with no encryption is less secure than sending complex data with high-grade encryption, no? I haven't said it's perfect, just better. Toyotas are more reliable than Yugos without having to be perfect.

      Comment

      • dbhost
        Slow and steady
        • Apr 2008
        • 9209
        • League City, Texas
        • Ryobi BT3100

        #33
        Originally posted by Carlos
        In the internet world, the powers are everyone who can contribute to an RFC, with a little might skewed towards the universities and major providers like Google. They still go through the RFC processes. I think everyone has agreed that SSL and its variants are secure. The banks and government think so anyway.

        Also note that my main point has been that e-mail is simply more secure than fax and many other services. You must agree that sending black and white dots as open network bits with no encryption is less secure than sending complex data with high-grade encryption, no? I haven't said it's perfect, just better. Toyotas are more reliable than Yugos without having to be perfect.
        Since when do 99% of internet users use any sort of encryption on their email? I can tell you without a doubt, most email systems use no encryption whatsoever. Again this is a technology that dates back to the 1970s and email encryption just wasn't a thought....

        I haven't the time, energy, or concern to go into the why, so just google the question. Is Email Secure, and start reading some articles. For the overwhelming majority of users email is plain and simple, not, nor will it ever be secure. As far as SSL being secure, it's been cracked. I have been applying TONS of SSL patches, unsigned, or self signed certificates just throw another layer of insecurity into the whole thing.

        At least with google voice, and most SIP providers, the connections are encrypted, and you are at least protected in as much as the ciphers can protect you until you hit the POTS lines. At that point, it is a matter of the security of the telephone system, which while far from perfect, presents a FAR less agreeable target environment for hackers to try to compromise....

        I am not saying that any of these technolgoies are fully secure, if I had my preferences EVERYONE would have an encryption key pair of their own, and a proper key exchange would take place for each sender and recipient of a message. As of now, that seems reserved for large businesses, governments, and drug cartels....
        Please like and subscribe to my YouTube channel. Please check out and subscribe to my Workshop Blog.

        Comment

        • Carlos
          Veteran Member
          • Jan 2004
          • 1893
          • Phoenix, AZ, USA.

          #34
          Since when do 99% of internet users use any sort of encryption on their email?
          Since the servers started talking to each other with encryption because the users weren't doing it. Here you go... https://en.wikipedia.org/wiki/SMTPS

          Is a fax sent in the clear more secure than encrypted e-mail? Or is there even any reason to think that the simpler FOIP protocol is harder to intercept than even non-secure SMTP?

          Comment

          • woodturner
            Veteran Member
            • Jun 2008
            • 2047
            • Western Pennsylvania
            • General, Sears 21829, BT3100

            #35
            Originally posted by Carlos

            Since the servers started talking to each other with encryption because the users weren't doing it. Here you go... https://en.wikipedia.org/wiki/SMTPS

            Is a fax sent in the clear more secure than encrypted e-mail? Or is there even any reason to think that the simpler FOIP protocol is harder to intercept than even non-secure SMTP?
            There are reasons why the wiki is not considered a reliable source :-)

            As that article notes (correctly as it turns out), the encryption is between servers - so still unencrypted until it gets to an encrypted server. Also as noted, the key is communicated - and that is the weak link. A "man in the middle" or "playback" attack are two simple methods to defeat SMTPS (as well as most other internet security protocols). FWIW, tools to intercept and decrypt email are readily available on the dark web.

            The fax is more secure because is it encoded and encrypted in a basic form, at a minimum. FOIP and VOIP packets are also routed differently in the network, due to FCC service requirements, and that provides a greater measure of security simply because they are only routed through P2P protocols rather than broadcast protocols.

            Last edited by woodturner; 06-12-2018, 06:34 AM.
            --------------------------------------------------
            Electrical Engineer by day, Woodworker by night

            Comment

            • Carlos
              Veteran Member
              • Jan 2004
              • 1893
              • Phoenix, AZ, USA.

              #36
              It is also encrypted from the client to the server.

              Faxes are not encrypted at all. And it's ridiculous that you're telling me that these packets are differentiated since MY BUSINESS is transporting BOTH on the same networks. There's no requirement to separate them, and most people do not. I have no idea where you get things like P2P and broadcast protocols. It's simply wrong. Fax uses SIP just like voice uses SIP. We transports them ON THE SAME SERVERS side by side. It's just a line that says "hey, you dialed the fax number, send this to the fax module instead of to a phone."

              You seriously are under a lot of misunderstandings. I welcome you to come have a look at our infrastructure. I also find it disheartening on a human and societal level that people who aren't in my industry are willing to tell me I'm not actually doing what I'm doing, every single day. Pretty weird, really.

              Comment

              • dbhost
                Slow and steady
                • Apr 2008
                • 9209
                • League City, Texas
                • Ryobi BT3100

                #37
                Originally posted by Carlos

                Since the servers started talking to each other with encryption because the users weren't doing it. Here you go... https://en.wikipedia.org/wiki/SMTPS

                Is a fax sent in the clear more secure than encrypted e-mail? Or is there even any reason to think that the simpler FOIP protocol is harder to intercept than even non-secure SMTP?
                Uh, yeah, okay.... So you are asserting that the majority of mail servers are using any sort of encryption? Cute thought. But no. And I sure as God made little green apples will not use wikipedia for any sort of authoritative source.... I am quite familiar with SMTPS though...

                Webmail maybe, as most of those are using https (SSL) front ends, but regular old POP / SMTP mail? Nope, ain't happening for 99% of the world... So yeah, you are encrypted logging into Gmail or Outlook.com for example, but once the mail gets sent FROM therere, and it is out on the internet, most ISPs are still using POP, IMAP, SMTP type servers. There are so called S variants of each that attempt to utilize some security, but most ISPs and almost all smaller businesses are NOT using them... You gotta remember, for 99% of users out there, anda a HUGE chunk of the business workld, IT security is too hard to deal with and FAR too expensive to put any real effort into. For almost all home users, and many small businesses, and even a good number of large enterprises, the risks inherent in poorly managed IT security do not outweigh the host in mitigating those risks. Until a breach does massive damage to their business and..... well we can keep doing down that rabbit hole until I retire without coming to any good solution....

                Now that we have flogged this poor dead horse for a while, can we just call this a matter of. The powers that be still require certain types of documents to be faxed. A cheap Voip adapter, combined with Google Voice and an already existing all in one print, scan, fax machine provides that service... No claim was made this was the latest tech, or the best solution, just the one that meets a need for small businesses, and those of us that have some years on us and deal with medical issues a great deal....
                Last edited by dbhost; 06-12-2018, 11:04 PM.
                Please like and subscribe to my YouTube channel. Please check out and subscribe to my Workshop Blog.

                Comment

                • Carlos
                  Veteran Member
                  • Jan 2004
                  • 1893
                  • Phoenix, AZ, USA.

                  #38
                  Google, Yahoo, and all the major ISPs are using encryption by default. Exchange does it by default. So it's hard to fathom how "most" people are using the other services and software which are not. And once again, fax has zero encryption, ever, and remains less secure no matter how much we say that e-mail *might* not be secure.

                  Comment

                  • woodturner
                    Veteran Member
                    • Jun 2008
                    • 2047
                    • Western Pennsylvania
                    • General, Sears 21829, BT3100

                    #39
                    Originally posted by Carlos
                    I also find it disheartening on a human and societal level that people who aren't in my industry are willing to tell me I'm not actually doing what I'm doing, every single day.
                    Sadly, as with any business, a lot of IT folks do poor work and don't follow the rules. If you are really in the business, it's hard to understand how you are so seriously misinformed about so many things.

                    AGAIN, it's best to just agree to disagree. I cannot practically teach you this technology on a forum and I am not willing to make the attempt.

                    --------------------------------------------------
                    Electrical Engineer by day, Woodworker by night

                    Comment

                    • Carlos
                      Veteran Member
                      • Jan 2004
                      • 1893
                      • Phoenix, AZ, USA.

                      #40
                      LOL. I forwarded some of this stuff to our top-level SIP consultant. The guy who gets flown around the world by various companies to design and validate their infrastructure. The guy who has been recognized as a leader in his niche for a very long time. He assures me you're trolling me, and I have to say, usually I can spot that, but you win this time. You got me.

                      In the off chance that you're actually serious, look up "Intelliquent" and see that they are one of the largest SIP carriers, providing VoIP/FoIP interconnect to smaller carriers like us. THEY, as a major carrier, put all of the fax and voice on the same network, right along with email and everything else. Apparently since you know more, you should call them and offer your services to "fix" their network.

                      Comment

                      • woodturner
                        Veteran Member
                        • Jun 2008
                        • 2047
                        • Western Pennsylvania
                        • General, Sears 21829, BT3100

                        #41
                        Originally posted by Carlos
                        you're trolling me

                        I agree there is a troll here, but it is not me. The facts I posted are accurate, you are entitled to your own opinion but not your own facts.

                        I originally gave you the benefit of the doubt, but since you continue to make factually incorrect statements, I won't waste further time discussing with you. I want to respect the board rules even if you refuse, so it's best not to talk with you.
                        --------------------------------------------------
                        Electrical Engineer by day, Woodworker by night

                        Comment

                        • Carlos
                          Veteran Member
                          • Jan 2004
                          • 1893
                          • Phoenix, AZ, USA.

                          #42
                          Fact:

                          look up "Intelliquent" and see that they are one of the largest SIP carriers, providing VoIP/FoIP interconnect to smaller carriers like us. THEY, as a major carrier, put all of the fax and voice on the same network, right along with email and everything else.
                          I can know this to be absolutely true, since I can see the faxes and the calls arriving from them from the same IPs over the same networks. Simple, easy to prove fact. In fact, indisputable fact.

                          I just arrived at the email security conference. Gonna be fun.

                          Comment

                          • dbhost
                            Slow and steady
                            • Apr 2008
                            • 9209
                            • League City, Texas
                            • Ryobi BT3100

                            #43
                            Gents, it's best we drop this line of discussion. No good is coming from this....
                            Please like and subscribe to my YouTube channel. Please check out and subscribe to my Workshop Blog.

                            Comment

                            • Carlos
                              Veteran Member
                              • Jan 2004
                              • 1893
                              • Phoenix, AZ, USA.

                              #44
                              Five days after the last post you bring it up again to tell us to drop it??? Seriously?

                              But now that you mentioned it... Yesterday I got a fax that contained someone's pre-nup, will, and personal account info from a lawyer. Wasn't for me. They got the number wrong, and that coincided with my fax machine. They just exposed a person's whole life to me. If it were e-mail, which is generally based on a name or similar, it would be much harder to just randomly have a typo match someone else's info.

                              Comment

                              • Carlos
                                Veteran Member
                                • Jan 2004
                                • 1893
                                • Phoenix, AZ, USA.

                                #45
                                I spent last week at the annual conference for professionals running the server software we use. I was asked to co-present "common misconceptions about VoIP and Fax." Our industry has been pushing for fax to die as it should, but it hangs on mostly because of misconceptions. The presentation/discussion panel was about how to try to start dispelling myths so technology can move forward. I pulled quotes from this thread and they were good for some uproarious laughter from the people in telecom. Many free drinks were purchased for me, and a few asked to read the whole thread. So, thanks.

                                Comment

                                Working...