products
products
sitemap
Fundamentals of VoIP
Technical Information
VoIP Solutions Information
VoIP Services Information
Free Newsletter

Stay updated, sign up for our free newsletter to receive useful tips

Full Name
Email Id

sign up

Secure VoIP: A Distant Reality

There are two types of thefts service and identity

Theft of service deals with gaining private information and using them.
  • Phishing to steal Account information.
  • Credit card information
  • Personal information is stolen.
  • Toll Fraud/financial loss
  • Loss of email service
  • Usage of someone else’s wireless network to gain access to internet
Areas that are susceptible
Rate this Article
  Excellent

  Good

  Average

  Bad

  Terrible

rate

Current Rating

  • Credit cards
  • Internet account information
  • Personal information that can be used.
  • Wireless networks
Those who are susceptible are those who do not use proper authentication methods and who unknowingly part with personal information. Some means to prevent this from happening are
  • Use Authentication features of VOIP protocols
  • Encryption
  • Physical security
  • Secure wireless networks
Weakness In VoIP
It is very often that new technologies come without any proper infrastructure or organization. As the technology begins to gain popularity and more people begin using it problems and flaws are found. Either the new technology has to be run with existing older technologies that compromise its features or the new technology is scrutinized for flaws by unscrupulous elements. Many weakness and flaws have been notices with VoIP related technology that have compromised Voip security
  • Older firewalls cannot work interactively with VoIP. This leaves software ports open allowing hacker to exploit these.
o This can be minimized with Intrusion detection present on systems. This can lead to detection of the hacker before major damage is done.
  • Some applications are offering VoIP interexchange with PBX’s, other applications are blurring boundaries. A situation is created where it is difficult to tell where your network ends and where the internet begins. This will create monitoring problems for administration.
o Many applications are trying to solve problems in VoIP with authenticated sessions and encryption. If you do not have this then look for a better solution.
Protocol Problems H.323
  • This is a set of complex protocol and uses many other associated protocols to achieve the traversal of voice across networks. The vulnerabilities have been noticed in H.225 are denial of service and execution of code.
  • Firewalls with H.323 are a problem as it relies with dynamic ports. And therefore packet filtering firewalls are not a viable solution
  • H.323 also has vulnerabilities that need to be addressed. These are denial of service attacks, buffer overflow and insertion of malicious code into compromised equipment.
  • ASN.1 parsing is also another major problem of H.323. According to US CERT VU#749342, a denial of service or execution of arbitrary code could be possible due to this. Patches have come but are not yet tested out.
Sessions Initiation Protocol
  • SIP has problems with Firewalls and NAT
  • It is text based protocol secrecy of the originator and terminator is not there and is easy to modify. Spoofing is easy and denial of service can be implement by a spoofed ‘BYE’
  • INVITE message processing in SIP has many Denial of Service vulnerabilities which can also allow the hacker to gain unauthorized access to the affected device.
Real Time Transport protocol
  • RTP uses dynamic UDP ports thus leaving many open ports. Anyone can use these open port to break into the system. This could allow a denial of Service attack. Placing the IP based phone behind the firewall would be the best solution.
  • Firewalls and NATs make it difficult to receive incoming calls. These devices can affect QoS and can wreak havoc with the RTP stream.
VOIPSA
The Voice over IP Security Alliance (VOIPSA) is a collaboration of VoIP and Information Security vendors, providers, and thought leaders that aim to fill the void of Voip security.

voip solution architecture, voip security, voip phone company are ways of a secure voip.

VOIPSA promotes Voip security research, creates awareness on Voip security through education, and offers free VoIP testing methodologies and tools. Potential dangers to VoIP have been identified and it has also identified potential problems in new technologies like Wi-Fi wireless LANs and aims at preventive measures. It includes Verizon Communications, Nortel Networks, VeriSign, Price water house Coopers, and about 50 other vendors and service providers. Though it is a move in the positive direction the absence of major players like CISCO and Microsoft is a dampener.

Many initiatives to improve Voip security is in process and it will be a matter of time when enterprises and residential users feel secure when using VoIP.

Related Articles
IP Telephony Problems & Challenges – How Long Is The Party Going To Last?
Which VOIP Protocol To Use
Convergence of Voice And Data Networks: VoIP Architecture
Effective Bandwidth Management: Qos For VoIP

Bookmark this Page Email this to your friend Add this page to del.icio.us
Suggest an Article

Haven´t found the article you are looking for, please suggest your article. We value all your suggestions and comments

submit
Home        Privacy Policy    Disclaimer            Contact Us     Copyrights
©Copyright 2008 voiplobby.com All Rights Reserved. Read legal policy and privacy policy.