Blocking sniffers from catching SIP/VoIP traffic

975 pts.
Tags:
Active Directory 2003
Active Directory security
Ethereal
SIP
VoIP
Windows Server 2003
Windows Server 2003 security
Wireshark
Can we block wireshark or ethereal from being able to run on our Windows 2003 Active Directory network? We want to block sniffers from catching sip/VoIP traffic.

Answer Wiki

Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Discuss This Question: 3  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Koohiisan
    That's going to be a difficult process. You can block users from installing their own software, but a rogue user could bring in a laptop with Wireshark already on it. You can only run whitelisted apps, but that becomes a pain as well. One question is: how much would they really have access to? As I understand it, in order to catch everything, they would need to be connected to a switch port that acts as a repeater for everything that switch processes. On our switches, there are no such ports by default. Conversely, they could sniff wirelessly, but then only have access to the wireless signals. (am I correct in that?) So, while still dangerous, it may be limited in scope. Besides, shouldn't SIP/VoIP be encrypted?
    5,020 pointsBadges:
    report
  • Labnuke99
    You can sniff on a switched network by using ARP poisoning. Unless MAC address filteriing is enabled on the network, there really is not much protection against ARP poison (Man In The Middle) attacks on a switched LAN.
    32,960 pointsBadges:
    report
  • Koohiisan
    @Labnuke99 I didn't realize ARP spoofing/poisoning could do that...learn something new everyday! :) Although, that fact may complicate the life of the OP...
    5,020 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following