By Himanshu Kapadia
VoIP (Voice over IP) services have been widely adopted by businesses of all sizes. As it applies to any popular technology, VoIP is getting attention from people with the wrong intensions.? As VoIP becomes a more and more common enterprise solution, it becomes more lucrative for people to exploit. VoIP uses IP transport so it?s vulnerable to all threats related to IP but it has some other specific threats as well.
Let?s take a look at the three primary questions we need to ask ourselves about VoIP, specifically the ?why, what and how of VoIP security.
Why Do We Need VoIP Security?
Here are a few examples of how VoIP vulnerabilities can be exploited:
Call Fraud ? By taking advantage of VoIP vulnerability hackers can send calls pretending to be someone else and can route long distance, international and premium rate calls. This can cause major financial loss in very short time. Fraud is a common problem across all industries, but it has become a major issue for VoIP users and providers.
Phishing over VoIP ? Phishing is very common in email world. Phishers use social engineering to get consumers? identities or account credentials. In VoIP world where phishers can spoof ?calling party identity?, these attempts become more effective. Also, the nature of VoIP makes it more difficult to track and catch such callers.
Eavesdropping ? This is a common way for someone to steal credentials, identities and proprietary information. By eavesdropping on VoIP calls hackers can steal phone numbers and account pin numbers allowing them to get control of users? accounts.
Other common security threats against VoIP are SPIT (Spam over Internet Telephony) and DoS attacks, which can interrupt service.
What Do We Need to Secure?
So now we know some of the different ways VoIP vulnerability can cause major financial losses and service interruption. We?re now going to look at what to secure in VoIP.
VoIP uses SIP (Session Initiation protocol) for signaling. This is a very effective signaling protocol but it?s text-based. If you can capture IP packets during a call setup process, you can easily go through captured packets using a basic protocol analyzer (please see my previous blog Basic Tools for VoIP Troubleshooting ?for more details on protocol analyzer) to get calling numbers, called numbers, user names and other kinds of information.
You can also capture media packets during a call which uses the RTP (Real-time Transport Protocol) method. It?s very easy to recreate audio streams using captured RTP packets. Again, a basic protocol analyzer can do it without requiring much expertise. This is a huge problem for an enterprise and their proprietary information.
To make VoIP secure we need to make sure that signaling and media is secure and fail proof against any security attacks.
How Can We Secure VoIP?
There are many ways to address security threats against VoIP. As mentioned before VoIP calls use IP as a means of transport. We can apply all measures currently out there to secure an IP link to VoIP.? In terms of SIP services, some providers offer their services over the public internet which is difficult to secure. Other providers offer SIP services over IP-VPN (for example MPLS based IP-VPN) that segregate customers? VoIP traffic from other customers? traffic and the public Internet, which is more secure then over a public Internet solution.
Another level of security is protocol-based security. VoIP technology provides an encryption mechanism for both signaling and media. SIP can be run over TLS (Transport Layer Security) which is very common and a standard practice for web browsing. Media can be encrypted by following the SRTP (Secure Real-time Transport Protocol) mechanism. It?s one of the highest levels of security you can currently get for VoIP.
The first step you need to do to secure your network is to know the vulnerabilities of your network and know how you can address them.? Hopefully this basic information discussed here will help you move towards making your VoIP network more secure.
Do you have any questions about how to secure your VoIP platform?
Free White Paper:
10 Steps to a Successful VoIP Implementation
This free 15-page guide will take you through the key requirements to make business VoIP a reality for your organization.
Download Now
Category : Communications, Industry Trends, VoIP
stoudemire jordan hill tony nominations dark knight trailer delmon young dallas mavericks washington capitals
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.