VOIP SECURITY ISSUES AND RECOMMENDATIONS

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "VOIP SECURITY ISSUES AND RECOMMENDATIONS"

Transcription

1 VOIP SECURITY ISSUES AND RECOMMENDATIONS Sathasivam Mathiyalakan MSIS Department, College of Management, University of Massachusetts Boston Phone: (617) ; ABSTRACT VoIP is the hottest trend in telecommunications. Prior research shows that the VoIP technology is at the introductory stage in technology adoption with solid growth expected over the next few years as both consumers and businesses adopt VoIP technology to cut costs, improve productivity and efficiency, integrate with other applications, seek enhanced capabilities, and digital convergence. But, security issues tend hinder its adoption. In this study, we identify VoIP security challenges, risks and threats, and offer some recommendations for mitigating these risks. Keyword: MIS, IT, Security, VoIP INTRODUCTION Voice over Internet Protocol (VoIP) is the hottest trend in telecommunications (Walsh & Kuhn, 2005). VoIP is the transmission of voice over traditional packet-switched IP networks (Walsh & Kuhn, 2005). VoIP is also known as Internet telephony or IP Telephony. The analog signals (voice) are converted digitized packets and then sent over a IP network. The digital packets have a destination address but they follow no fixed path. At the destination packets are re-assembled and delivered. To enable VoIP, broadband access, a computer, and software are required. Additional hardware such as servers, switches, routers, and others may be required depending on the volume and nature of traffic. Readers are urged to consult VarShney, Snow, McGivern, & Howard (2002) for an excellent review of the VoIP history and technology. VoIP permits the integration of data, voice, and video into one communication channel. The term digital convergence refers to this phenomenon of multiple media delivered over a single network. Some of the applications and services include PC based distance learning solutions, video conferencing, live webcasting, video streaming, collaboration and team management software, security surveillance, contact center applications, remote multimedia solutions and unified messaging ((Tobin & Bidoli, 2006). To compete in the new economy firms including are looking at many strategic options. Recent events suggest that firms in particular large ones are exploring the use of Voice over Internet Protocol (VoIP) as a means to cut costs, to improve productivity, and the firm s strategic position. The use of VoIP enables a firm to reduce costs, improve worker and organizational

2 productivity, provide greater functionality and better integration with computer based applications, and improve the strategic position of the firm. Recent studies project VoIP market to grow (Roberts, 2005a) significantly over the next few years. An Osterman Research Report dated February 2005 suggests that VoIP penetration of US organizations will increase from 10% to 45% by the end of Another Osterman Research Report, also dated February 2005 suggests that approximately 17% of US organizations have either completed voice and data convergence or are near completion. A Juniper Research report dated September 2004 forecasts that VoIP adoption will rise to 17% of US households by 2009 from its current value of 1% of all US broadband households in The factors that promote the growth of VoIP include low cost of the software, wide availability of analog adapters, growing availability of broadband, and relative high costs for traditional calls (Roberts, 2005a). VoIP security is a major issue to both Network administrators and managers. A security outbreak is likely to result in loss of service, denial of service, eavesdropping, spoofing, toll fraud, spam, unavailability of emergency calls. Research shows that VoIP security continues to be the key barrier to VoIP adoption (Sass, 2006). The practitioner literature is rich with How to articles on VoIP security. As security plays a key consideration in VoIP acceptance and adoption, the purpose of this article is to review the literature, identify security risks, and suggest recommendations. This article is organized interms of 6 sections. Next, we discuss VoIP adoption issues. In section 3, we discuss VoIP security implementation challenges. In section 4 identify and catalog VoIP security threats. Guidelines for securing a VoIP network are in section 5. In section 6 we provide some summary remarks. BACKGROUND TO VOIP & VOIP SECURITY IMPLEMENTATION CHALLENGES Transition to a VoIP network increases the risk profile of a corporate network due to complexity, the presence of new access points to the network, new routing patterns and configurations, the use of new devices and protocols which in turn increases the number of vulnerable points, and the presence of a new channel for blended threats (Roberts, 2005b). Walsh and Kuhn (2005) identify several challenges associated with implementing VoIP security measures. These challenges deal with supporting protocols, VoIP vs. data network security, and the need for new technologies. Below we provide a brief description of these challenges as noted in Walsh and Kuhn (2005). H.323 and Session Initiation Protocol (SIP) are the common protocols used in VoIP networks. H.323 is based on the recommendations of the International Telecommunication Union. It encompasses other protocols such as H.225, H.245, and T.120. H.323 provides the necessary specification for audio and video communication in packetized network environment. In addition to its use in VoIP, H.323 is also used in applications such as NetMeeting and Ekiga. SIP is an application level protocol and is the IETF specification for a two way communication session. Initially SIP was designed to be simple and elegant. It is text based and inherited some

3 aspects of Hypertext Transfer Protocol (HTTP) and Simple Mail Transfer Protocol (SMTP) (Roberts, 2005). But, over the years SP has become more complex. Readers are urged to visit the sites and for additional information on these two protocols. As the architecture of the two networks are different, the need to implement different protocol specific security mechanisms arises. The addition of upper layer protocols and messaging structures increases the threat profile of the already flawed IP protocol (Sass, 2006). Many configurable parameters such as addresses of voice terminals, routers, and firewalls exist in a packet network. VoIP networks also have specialized software such as call managers. As a VoIP network has dynamically reconfigurable parameters, many dynamically configurable parameters exist. When compared to data networks, these add additional complexity of VoIP networks. The stricter performance constraints of VoIP also pose additional VoIP security concerns. Issues pertaining to Quality of Service (QoS), Infrastructure, and Security trade offs highlight the differences between VoIP and data networks. The need to maintain appropriate level of QoS poses some restrictions on security. VoIP networks are mores sensitive to delays than data networks. Latency, jitter, and packet loss all present concerns within a VoIP network. Latency is the delay in packet delivery. Security implementation mechanism such as encryption and firewalls while providing a means to secure the network also introduce delay in network traffic. Such delays can cause the VoIP message to become a mess. VoIP relies on Real Time Transport Protocol (RTP) which does not guarantee packet delivery. Even a packet loss of 1% can make the VoIP call meaningless and thereby affecting the QoS. Jitter is jitter is the variation in the time between packets arriving, caused by network congestion, timing drift, or route changes. A jitter buffer can be used to handle jitter ( Buffer overflows and improper packet handling can cause security flaws such as Denial of Service and disclosure of system critical information. As VoIP and data are on the same network, opportunities for eavesdropping exist. Buffer overflows can also cause the insertion of malicious code within the VoIP software. The availability of network information on IP phone can cause security flaws such as downloading from a hacker controlled server. Privacy issues and denial of service (DoS) issues may surface if VoIP web based applications have weak access control, script vulnerabilities, and inadequate parameter validation. The convergence of voice and data traffic may enable hackers to manipulate or functioning of the phone system. Firewalls are used routinely in many network to protect a network. The use of such firewalls may interfere with the operations of a VoIP network which uses dynamic port trafficking and call setup procedures. Newer tools such as Application Level gateways (ALG) may be able overcome this issue by providing firewalls with necessary instructions from an application aware agent.

4 VOIP SECURITY RISKS, THREATS, AND VULNERABILITIES Several techniques and methodologies exist for classifying VoIP security threats. Radware (2005) categorizes the security threats as attacks on VoIP network operating system devices, configuration weaknesses, IP infrastructure attacks, VoIP protocol implementation vulnerabilities, and VoIP application level attacks. Mihai (2006) classifies the threats in terms of protocol layers signaling, transport, and application. The threats pertaining to the signaling protocol layer are denial of service, man in the middle/call hijacking. Transport layer threats arise from eavesdropping, RTP insertion attacks, and RTCP insertion attacks. Application layer threats pertain to software vulnerabilities. Roberts (2005b) links the security threats to QoS and categories the threats interms of service disruption, service interception, and service fraud and abuse. Roberts also notes the presence of other threats such as fire, flood, earthquake, poorly trained users, and environmental threats. The VoIP Security Alliance (VoIPSA) a consortium of major vendors, providers, security leaders, and business leaders recently released a report on a taxonomy for classifying VoIP security and threats. The alliance defines security as 1) the right to protect privacy, 2) a method of achieving privacy and 3) ways to keep communication systems and content free from unauthorized access, interruption, delay or modification. The security threats are grouped interms of unlawful monitoring (traffic analysis, packet snooping, spying on signaling, and eavesdropping on content), interruption of service (specific denial of service, general denial of service, physical intrusion, loss of power, and performance latency), unauthorized signal or traffic modification (spoofing and impersonation, false caller identification, signal replay, vocal impersonation, vocal replay, service abuse, improper bypass of adjustments to billing, and improper access to service) and bypassing refused consent. A large number of threats exist as shown in Table 1. We outline the major ones. A proper knowledge of these threats facilitates the development of security recommendations which are provided in the next section. GUIDELINES FOR SECURING THE VoIP NETWORK The following guidelines based on Kuhn, Walsh, & Fries (2005) and Sass (2006) may serve to protect the network from the threats noted previously. 1. To ensure security and adequate performance dedicated VoIP components are necessary. 2. To isolate attacks voice and network traffic should be separated and use DNS/DHCP servers. 3. Ports should have separate MAC addresses and any unused ports should be disabled.

5 4. Appropriate network architecture should be developed. To mitigate the security problems, Internet Protocol Security (IPsec) virtual private network or secure shell for remote management and auditing and encryption at the router or gateway. 5. As VoIP networks provide greater latitude for eavesdropping and monitoring traffic, physical controls needs to be present and implemented. The hardware should be physically secured. 6. The VoIP operating system should be kept up to date any unneeded service should be disabled. 7. Encrypted and authenticated communication between network components is vital. 8. Hosts on switched ports should not be able to or be aware of traffic not intended for them. 9. If situation warrants, the use of soft phone applications should be discouraged to ensure that these applications with a PC which uses a software and a voice headset. Worms, viruses, and web browser flaws may pose risks for softphone applications. 10. The statutory requirements for VoIP calls may be different for VoIP calls from traditional calls. Legal advice may be necessary for privacy and record retention issues. 11. Use VoIP ready firewalls and other strategies and security mechanism need to be used to prevent packet sniffing. 12. Additional power backups maybe necessary to ensure smoothing functioning should power outages occur. 13. If the need to integrate mobile phone with VoIP system exists, then it is recommended that WiFi Protected Access (WPA) security protocol be used than Wired Equivalent Privacy (WEP) protocol. 14. Firewalls are required if the traffic flows between voice and data networks. SUMMARY REMARKS VoIP is a newest technology and researchers speculate that its use could provide rewards to both the individual and the organization. The Telecom Insider newsletter identifies the following seven VoIP trends for 2006 that will have a bearing on its adoption. These include a possible retaliation by Internet access providers who may block VoIP calls, consolidation and partnerships, growth in broadband penetration, growth in wireless use, Session Initiation Protocol (SIP) to become the standard for delivering VoIP calls, regulatory threats, and availability of sophisticated multimedia applications. The main issue that dampens its widespread acceptance and adoption is security. The purpose of this study is to identify security threats and suggest some guidelines for improving security.

6 While many of these recommendations are from practitioner sources, it is not clear whether they will adequately negate the security threats. A great deal of academic work needs to be conducted before verifiable security recommendations leads to widespread acceptance of VoIP technology. Available upon request from the author. REFERENCES Term Call Black Holing Call Pattern Tracking Call redirection and hijacking Call Rerouting Conversation Alteration Conversation Degrading Conversation Impersonation and Hijacking Conversation Reconstruction Denial of Service Eavesdropping False Caller Identif. Fax Alteration Fax Reconstruction Message integrity Number Harvesting Packet spoofing and masquerading Replay attacks Rogue device Service abuse Text Reconstruction Toll fraud Traffic Capture Voice mail bombing (Vbombing) Video Reconstruction Voic Reconstruction Definition Any unauthorized method of dropping, absorbing or refusing to pass IP or another essential element in any VoIP protocol which has the effect of preventing or terminating a communication. The unauthorized analysis by any means of any traffic from or to any node or collection of nodes on the network. It includes monitoring and aggregation of traffic for any form of unauthorized pattern or signal analysis. A call intended for one user is redirected. Any method of unauthorized redirecting of an IP or other essential element of any VoIP protocol with the effect of diverting communication. Any unauthorized modification of any of information in the audio, video and/or text portion of any communication, including identity, status or presence information. The unauthorized and intentional reduction in quality of service (QoS) of any communication. The injection, deletion, addition, removal, substitution, replacement or other modification of any portion of any communication with information which alters any of its content and/or the identity, presence or status of any of its parties. Any unauthorized monitoring, recording, storage, reconstruction, recognition, interpretation, translation and/or feature extraction of any audio or voice portion of any communication including identity, presence or status. An attack on a system that causes loss of service to the users of that system. The unauthorized interception of voice packets or RTP media streams and the decoding of signaling messages and the intercepted data The signaling of an untrue identity or presence. Any unauthorized modification of any of information in a facsimile or other document image, including header, cover sheet, status and/or confirmation data. feature extraction of any portion of any document image in any communication including identity, presence or status. Compromise where the data has been altered in transit The authorized collection of IDs, which may be numbers, strings, URLs, addresses, or other identifiers in any form which represent nodes, parties or entities on the network. Packet or person impersonation which may include fake Caller ID and phishing attempts Retransmission of a legitimate session so the recipient device reprocesses the data A misconfigured or unauthorized device or a device about to fail and displaying aberrant behavior. The use of Corporate systems in a manner for which it was not intended. feature extraction of any portion of any text in any communication including identity, presence or status. The theft of telephony services. The unauthorized recording of traffic by any means and includes packet recording, packet logging and packet snooping for unauthorized purposes. The delivery of multiple voice mail messages (possibly thousands) to a VoIP device and is unique to VoIP networks. feature extraction of any portion of any moving images in any communication including identity, presence or status. feature extraction of any portion of any voice mail message. Table 1: VoIP Security Threats Definitions from Roberts (2005b) and VoIPSA

A Brief Overview of VoIP Security. By John McCarron. Voice of Internet Protocol is the next generation telecommunications method.

A Brief Overview of VoIP Security. By John McCarron. Voice of Internet Protocol is the next generation telecommunications method. A Brief Overview of VoIP Security By John McCarron Voice of Internet Protocol is the next generation telecommunications method. It allows to phone calls to be route over a data network thus saving money

More information

Security issues in Voice over IP: A Review

Security issues in Voice over IP: A Review www.ijecs.in International Journal Of Engineering And Computer Science ISSN:2319-7242 Volume 3 Issue 2 February, 2014 Page No. 3879-3883 Security issues in Voice over IP: A Review Rajni a, Preeti a, Ritu

More information

Security and Risk Analysis of VoIP Networks

Security and Risk Analysis of VoIP Networks Security and Risk Analysis of VoIP Networks S.Feroz and P.S.Dowland Network Research Group, University of Plymouth, United Kingdom e-mail: info@network-research-group.org Abstract This paper address all

More information

White Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act

White Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK With organizations rushing to adopt Voice over IP (VoIP) technology to cut costs and integrate applications designed to serve customers better,

More information

FDIC Division of Supervision and Consumer Protection

FDIC Division of Supervision and Consumer Protection FDIC Division of Supervision and Consumer Protection Voice over Internet Protocol (VoIP) Informational Supplement June 2005 1 Summary In an attempt to control expenses, consumers and businesses are considering

More information

Voice Over Internet Protocol (VOIP) SECURITY. Rick Kuhn Computer Security Division National Institute of Standards and Technology

Voice Over Internet Protocol (VOIP) SECURITY. Rick Kuhn Computer Security Division National Institute of Standards and Technology Voice Over Internet Protocol (VOIP) SECURITY Rick Kuhn Computer Security Division National Institute of Standards and Technology What is VOIP? Voice Over Internet Protocol Voice Communications over data-style

More information

Achieving Truly Secure Cloud Communications. How to navigate evolving security threats

Achieving Truly Secure Cloud Communications. How to navigate evolving security threats Achieving Truly Secure Cloud Communications How to navigate evolving security threats Security is quickly becoming the primary concern of many businesses, and protecting VoIP vulnerabilities is critical.

More information

Recommended IP Telephony Architecture

Recommended IP Telephony Architecture Report Number: I332-009R-2006 Recommended IP Telephony Architecture Systems and Network Attack Center (SNAC) Updated: 1 May 2006 Version 1.0 SNAC.Guides@nsa.gov This Page Intentionally Left Blank ii Warnings

More information

Voice over IP. VoIP (In) Security. Presented by Darren Bilby NZISF 14 July 2005

Voice over IP. VoIP (In) Security. Presented by Darren Bilby NZISF 14 July 2005 Voice over IP VoIP (In) Security Presented by Darren Bilby NZISF 14 July 2005 Security-Assessment.com Who We Are NZ s only pure-play security firm Largest team of security professionals in NZ Offices in

More information

Business Phone Security. Threats to VoIP and What to do about Them

Business Phone Security. Threats to VoIP and What to do about Them Business Phone Security Threats to VoIP and What to do about Them VoIP and Security: What You Need to Know to Keep Your Business Communications Safe Like other Internet-based applications, VoIP services

More information

An outline of the security threats that face SIP based VoIP and other real-time applications

An outline of the security threats that face SIP based VoIP and other real-time applications A Taxonomy of VoIP Security Threats An outline of the security threats that face SIP based VoIP and other real-time applications Peter Cox CTO Borderware Technologies Inc VoIP Security Threats VoIP Applications

More information

Best Practices for Securing IP Telephony

Best Practices for Securing IP Telephony Best Practices for Securing IP Telephony Irwin Lazar, CISSP Senior Analyst Burton Group Agenda VoIP overview VoIP risks Mitigation strategies Recommendations VoIP Overview Hosted by VoIP Functional Diagram

More information

CPNI VIEWPOINT 01/2007 INTERNET VOICE OVER IP

CPNI VIEWPOINT 01/2007 INTERNET VOICE OVER IP INTERNET VOICE OVER IP AUGUST 2007 Abstract Voice over IP (VoIP) is the term used for a set of technologies that enable real time voice or video conversations to take place across IP networks. VoIP devices

More information

CPNI VIEWPOINT 02/2007 ENTERPRISE VOICE OVER IP

CPNI VIEWPOINT 02/2007 ENTERPRISE VOICE OVER IP ENTERPRISE VOICE OVER IP AUGUST 2007 Abstract Voice over IP (VoIP) is the term used for a set of technologies that enable real time voice or video conversations to take place across IP networks. VoIP devices

More information

VOICE OVER IP SECURITY

VOICE OVER IP SECURITY VOICE OVER IP SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without

More information

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks

More information

Securing SIP Trunks APPLICATION NOTE. www.sipera.com

Securing SIP Trunks APPLICATION NOTE. www.sipera.com APPLICATION NOTE Securing SIP Trunks SIP Trunks are offered by Internet Telephony Service Providers (ITSPs) to connect an enterprise s IP PBX to the traditional Public Switched Telephone Network (PSTN)

More information

Securing VoIP Networks using graded Protection Levels

Securing VoIP Networks using graded Protection Levels Securing VoIP Networks using graded Protection Levels Andreas C. Schmidt Bundesamt für Sicherheit in der Informationstechnik, Godesberger Allee 185-189, D-53175 Bonn Andreas.Schmidt@bsi.bund.de Abstract

More information

T.38 fax transmission over Internet Security FAQ

T.38 fax transmission over Internet Security FAQ August 17, 2011 T.38 fax transmission over Internet Security FAQ Give me a rundown on the basics of T.38 Fax over IP security. Real time faxing using T.38 SIP trunks is just as secure as sending faxes

More information

Basics of Internet Security

Basics of Internet Security Basics of Internet Security Premraj Jeyaprakash About Technowave, Inc. Technowave is a strategic and technical consulting group focused on bringing processes and technology into line with organizational

More information

SS7 & LTE Stack Attack

SS7 & LTE Stack Attack SS7 & LTE Stack Attack Ankit Gupta Black Hat USA 2013 akg0x11@gmail.com Introduction With the evolution of IP network, Telecom Industries are using it as their core mode of communication for their network

More information

VoIP Security Threats and Vulnerabilities

VoIP Security Threats and Vulnerabilities Abstract VoIP Security Threats and Vulnerabilities S.M.A.Rizvi and P.S.Dowland Network Research Group, University of Plymouth, Plymouth, UK e-mail: info@network-research-group.org This paper presents the

More information

Connecting MPLS Voice VPNs Enabling the Secure Interconnection of Inter-Enterprise VoIP

Connecting MPLS Voice VPNs Enabling the Secure Interconnection of Inter-Enterprise VoIP Connecting MPLS Voice VPNs Enabling the Secure Interconnection of Inter-Enterprise VoIP Connecting MPLS Voice VPNs Enabling the secure interconnection of Inter-Enterprise VoIP Executive Summary: MPLS Virtual

More information

Security Issues with Integrated Smart Buildings

Security Issues with Integrated Smart Buildings Security Issues with Integrated Smart Buildings Jim Sinopoli, Managing Principal Smart Buildings, LLC The building automation industry is now at a point where we have legitimate and reasonable concern

More information

Receiving the IP packets Decoding of the packets Digital-to-analog conversion which reproduces the original voice stream

Receiving the IP packets Decoding of the packets Digital-to-analog conversion which reproduces the original voice stream Article VoIP Introduction Internet telephony refers to communications services voice, fax, SMS, and/or voice-messaging applications that are transported via the internet, rather than the public switched

More information

Voice Over IP and Firewalls

Voice Over IP and Firewalls Introduction Voice Over IP and Firewalls By Mark Collier Chief Technology Officer SecureLogix Corporation mark.collier@securelogix.com Use of Voice Over IP (VoIP) in enterprises is becoming more and more

More information

Firewall-Friendly VoIP Secure Gateway and VoIP Security Issues

Firewall-Friendly VoIP Secure Gateway and VoIP Security Issues Firewall-Friendly VoIP Secure Gateway and VoIP Security Issues v Noriyuki Fukuyama v Shingo Fujimoto v Masahiko Takenaka (Manuscript received September 26, 2003) IP telephony services using VoIP (Voice

More information

Voice over IP Security

Voice over IP Security Voice over IP Security Patrick Park Cisco Press Cisco Press 800 East 96th Street Indianapolis, Indiana 46240 USA vii Contents Introduction xvii Part I VoIP Security Fundamentals 3 Chapter 1 Working with

More information

COSC 472 Network Security

COSC 472 Network Security COSC 472 Network Security Instructor: Dr. Enyue (Annie) Lu Office hours: http://faculty.salisbury.edu/~ealu/schedule.htm Office room: HS114 Email: ealu@salisbury.edu Course information: http://faculty.salisbury.edu/~ealu/cosc472/cosc472.html

More information

ETM System SIP Trunk Support Technical Discussion

ETM System SIP Trunk Support Technical Discussion ETM System SIP Trunk Support Technical Discussion Release 6.0 A product brief from SecureLogix Corporation Rev C SIP Trunk Support in the ETM System v6.0 Introduction Today s voice networks are rife with

More information

Basic Vulnerability Issues for SIP Security

Basic Vulnerability Issues for SIP Security Introduction Basic Vulnerability Issues for SIP Security By Mark Collier Chief Technology Officer SecureLogix Corporation mark.collier@securelogix.com The Session Initiation Protocol (SIP) is the future

More information

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security? 7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk

More information

CPNI VIEWPOINT 03/2007 HOSTED VOICE OVER IP

CPNI VIEWPOINT 03/2007 HOSTED VOICE OVER IP HOSTED VOICE OVER IP AUGUST 2007 Abstract Voice over IP (VoIP) is the term used for a set of technologies that enable real time voice or video conversations to take place across IP networks. VoIP devices

More information

Voice Over IP (VoIP) Denial of Service (DoS)

Voice Over IP (VoIP) Denial of Service (DoS) Introduction Voice Over IP (VoIP) Denial of Service (DoS) By Mark Collier Chief Technology Officer SecureLogix Corporation mark.collier@securelogix.com Denial of Service (DoS) is an issue for any IP network-based

More information

ICTTEN5168A Design and implement an enterprise voice over internet protocol and a unified communications network

ICTTEN5168A Design and implement an enterprise voice over internet protocol and a unified communications network ICTTEN5168A Design and implement an enterprise voice over internet protocol and a unified communications network Release: 1 ICTTEN5168A Design and implement an enterprise voice over internet protocol and

More information

VoIP Security Challenges: 25 Ways to Secure your VoIP Network from Versign Security, Dec 01, 2006

VoIP Security Challenges: 25 Ways to Secure your VoIP Network from Versign Security, Dec 01, 2006 VoIP Security Challenges: 25 Ways to Secure your VoIP Network from Versign Security, Dec 01, 2006 VoIP technology has the tech geeks buzzing. It has been touted as: - the killer of telecoms - a solution

More information

Ron Shuck, CISSP, CISM, CISA, GCIA Infrastructure Security Architect Spirit AeroSystems

Ron Shuck, CISSP, CISM, CISA, GCIA Infrastructure Security Architect Spirit AeroSystems Ron Shuck, CISSP, CISM, CISA, GCIA Infrastructure Security Architect Spirit AeroSystems VOIP Components Common Threats How Threats are Used Future Trends Provides basic network connectivity and transport

More information

VOIP THE ULTIMATE GUIDE VERSION 1.0. 9/23/2014 onevoiceinc.com

VOIP THE ULTIMATE GUIDE VERSION 1.0. 9/23/2014 onevoiceinc.com VOIP THE ULTIMATE GUIDE VERSION 1.0 9/23/2014 onevoiceinc.com WHAT S IN THIS GUIDE? WHAT IS VOIP REQUIREMENTS OF A VOIP SYSTEM IMPLEMENTING A VOIP SYSTEM METHODS OF VOIP BENEFITS OF VOIP PROBLEMS OF VOIP

More information

Multi-layered Security Solutions for VoIP Protection

Multi-layered Security Solutions for VoIP Protection Multi-layered Security Solutions for VoIP Protection Copyright 2005 internet Security Systems, Inc. All rights reserved worldwide Multi-layered Security Solutions for VoIP Protection An ISS Whitepaper

More information

VoIP: The Evolving Solution and the Evolving Threat. Copyright 2004 Internet Security Systems, Inc. All rights reserved worldwide

VoIP: The Evolving Solution and the Evolving Threat. Copyright 2004 Internet Security Systems, Inc. All rights reserved worldwide VoIP: The Evolving Solution and the Evolving Threat Copyright 2004 Internet Security Systems, Inc. All rights reserved worldwide VoIP: The Evolving Solution and the Evolving Threat An ISS Whitepaper 2

More information

Level: 3 Credit value: 9 GLH: 80. QCF unit reference R/507/8351. This unit has 6 learning outcomes.

Level: 3 Credit value: 9 GLH: 80. QCF unit reference R/507/8351. This unit has 6 learning outcomes. This unit has 6 learning outcomes. 1. Know telephony principles. 1.1. Demonstrate application of traffic engineering concepts Prioritization of voice traffic Trunking requirements Traffic shaping. 1.2.

More information

Voice over Internet Protocol. Kristie Prinz. The Prinz Law Office

Voice over Internet Protocol. Kristie Prinz. The Prinz Law Office Voice over Internet Protocol Kristie Prinz The Prinz Law Office I. What is Voice over Internet Protocol ( VoIP )? Voice over Internet Protocol ( VoIP ) is a technology, which facilitates the transmission

More information

General Policy Statement:

General Policy Statement: General Policy General Policy Statement: The following policies apply to mass- market broadband Internet services offered by Chat Mobility. It is Chat Mobility s policy to provide robust and reliable access

More information

2010 White Paper Series. Top Ten Security Issues Voice over IP (VoIP)

2010 White Paper Series. Top Ten Security Issues Voice over IP (VoIP) 2010 White Paper Series Top Ten Security Issues Voice over IP (VoIP) Top Ten Security Issues with Voice over IP (VoIP) Voice over IP (VoIP), the use of the packet switched internet for telephony, has grown

More information

Villains and Voice Over IP

Villains and Voice Over IP Villains and Voice Over IP Heather Bonin ECE 578 March 7, 2004 Table of Contents Introduction... 3 How VOIP Works... 3 Ma Bell and her Babies... 3 VoIP: The New Baby on the Block... 3 Security Issues...

More information

VOIP Security Essentials. Jeff Waldron

VOIP Security Essentials. Jeff Waldron VOIP Security Essentials Jeff Waldron Traditional PSTN PSTN (Public Switched Telephone Network) has been maintained as a closed network, where access is limited to carriers and service providers. Entry

More information

Threats to be considered (1) ERSTE GROUP

Threats to be considered (1) ERSTE GROUP VoIP-Implementation Lessons Learned Philipp Schaumann Erste Group Bank AG Group IT-Security philipp.schaumann@erstegroup.com http://sicherheitskultur.at/ Seite 1 Threats to be considered (1) Eavesdropping

More information

Attachment Q5. Voice over Internet Protocol (VoIP)

Attachment Q5. Voice over Internet Protocol (VoIP) DHS 4300A Sensitive Systems Handbook Attachment Q5 To Handbook v. 11.0 Voice over Internet Protocol (VoIP) Version 11.0 December 22, 2014 Protecting the Information that Secures the Homeland This page

More information

VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security, and HIPAA Compliance

VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security, and HIPAA Compliance VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security, and HIPAA Compliance Valerie J.M. Watzlaf, PhD, RHIA, FAHIMA, Sohrab Moeini, MS, and Patti Firouzan, MS, RHIA Department of Health Information

More information

Hosted Voice. Best Practice Recommendations for VoIP Deployments

Hosted Voice. Best Practice Recommendations for VoIP Deployments Hosted Voice Best Practice Recommendations for VoIP Deployments Thank you for choosing EarthLink! EarthLinks best in class Hosted Voice phone service allows you to deploy phones anywhere with a Broadband

More information

Managing Information Systems Seventh Canadian Edition. Laudon, Laudon and Brabston. CHAPTER 8 Securing Information Systems

Managing Information Systems Seventh Canadian Edition. Laudon, Laudon and Brabston. CHAPTER 8 Securing Information Systems Managing Information Systems Seventh Canadian Edition Laudon, Laudon and Brabston CHAPTER 8 Securing Information Systems Copyright 2015 Pearson Canada Inc. 8-1 System Vulnerability and Abuse Security:

More information

HOSTED VOICE Bring Your Own Bandwidth & Remote Worker. Install and Best Practices Guide

HOSTED VOICE Bring Your Own Bandwidth & Remote Worker. Install and Best Practices Guide HOSTED VOICE Bring Your Own Bandwidth & Remote Worker Install and Best Practices Guide 2 Thank you for choosing EarthLink! EarthLinks' best in class Hosted Voice phone service allows you to deploy phones

More information

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

2. From a control perspective, the PRIMARY objective of classifying information assets is to: MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected

More information

Voice over Internet Protocol (VOIP) By: Ahmed Said Mahmoud 2004-3-167 Supervisor: Prof.Dr. Shawkat K.Guirguis

Voice over Internet Protocol (VOIP) By: Ahmed Said Mahmoud 2004-3-167 Supervisor: Prof.Dr. Shawkat K.Guirguis Alexandria University Institute of Graduate Studies and Research Department of Information Technology. Voice over Internet Protocol (VOIP) By: Ahmed Said Mahmoud 2004-3-167 Supervisor: Prof.Dr. Shawkat

More information

VOIP Attacks On The Rise

VOIP Attacks On The Rise VOIP Attacks On The Rise Voice over IP (VoIP) infrastructure has become more susceptible to cyber-attack due to the proliferation of both its use and the tools that can be used for malicious purposes.

More information

VOIP TELEPHONY: CURRENT SECURITY ISSUES

VOIP TELEPHONY: CURRENT SECURITY ISSUES VOIP TELEPHONY: CURRENT SECURITY ISSUES Authors: Valeriu IONESCU 1, Florin SMARANDA 2, Emil SOFRON 3 Keywords: VoIP, SIP, security University of Pitesti Abstract: Session Initiation Protocol (SIP) is the

More information

CS5008: Internet Computing

CS5008: Internet Computing CS5008: Internet Computing Lecture 22: Internet Security A. O Riordan, 2009, latest revision 2015 Internet Security When a computer connects to the Internet and begins communicating with others, it is

More information

SIP Trunking Configuration with

SIP Trunking Configuration with SIP Trunking Configuration with Microsoft Office Communication Server 2007 R2 A Dell Technical White Paper End-to-End Solutions Team Dell Product Group - Enterprise THIS WHITE PAPER IS FOR INFORMATIONAL

More information

ICANWK406A Install, configure and test network security

ICANWK406A Install, configure and test network security ICANWK406A Install, configure and test network security Release: 1 ICANWK406A Install, configure and test network security Modification History Release Release 1 Comments This Unit first released with

More information

Why E.T. Can t Phone Home? Security Risk Factors with IP Telephony based Networks

Why E.T. Can t Phone Home? Security Risk Factors with IP Telephony based Networks Why E.T. Can t Phone Home? Security Risk Factors with IP Telephony based Networks Ofir Arkin Founder The Sys-Security Group ofir@sys-security.com http://www.sys-security.com November 2002 Abstract IP Telephony

More information

Implementing VoIP monitoring solutions. Deployment note

Implementing VoIP monitoring solutions. Deployment note Implementing VoIP monitoring solutions Deployment note Introduction With VoIP being an integral part of modern day business communications, enterprises are placing greater emphasis on the monitoring and

More information

VoIP / SIP Planning and Disclosure

VoIP / SIP Planning and Disclosure VoIP / SIP Planning and Disclosure Voice over internet protocol (VoIP) and session initiation protocol (SIP) technologies are the telecommunication industry s leading commodity due to its cost savings

More information

Transparent weaknesses in VoIP

Transparent weaknesses in VoIP Transparent weaknesses in VoIP Peter Thermos peter.thermos@palindrometech.com 2007 Palindrome Technologies, All Rights Reserved 1 of 56 Speaker Background Consulting Government and commercial organizations,

More information

10 Key Things Your VoIP Firewall Should Do. When voice joins applications and data on your network

10 Key Things Your VoIP Firewall Should Do. When voice joins applications and data on your network 10 Key Things Your Firewall Should Do When voice joins applications and data on your network Table of Contents Making the Move to 3 10 Key Things 1 Security is More Than Physical 4 2 Priority Means Clarity

More information

Threat Mitigation for VoIP

Threat Mitigation for VoIP Threat Mitigation for VoIP Bogdan Materna, VP Engineering and CTO VoIPshield Systems Third Annual VoIP Security Workshop June 2, 2006 Overview Basics VoIP Security Impact Examples of real vulnerabilities

More information

TECHNICAL CHALLENGES OF VoIP BYPASS

TECHNICAL CHALLENGES OF VoIP BYPASS TECHNICAL CHALLENGES OF VoIP BYPASS Presented by Monica Cultrera VP Software Development Bitek International Inc 23 rd TELELCOMMUNICATION CONFERENCE Agenda 1. Defining VoIP What is VoIP? How to establish

More information

How to make free phone calls and influence people by the grugq

How to make free phone calls and influence people by the grugq VoIPhreaking How to make free phone calls and influence people by the grugq Agenda Introduction VoIP Overview Security Conclusion Voice over IP (VoIP) Good News Other News Cheap phone calls Explosive growth

More information

TABLE OF CONTENT. Page 2 of 9 INTERNET FIREWALL POLICY

TABLE OF CONTENT. Page 2 of 9 INTERNET FIREWALL POLICY IT FIREWALL POLICY TABLE OF CONTENT 1. INTRODUCTION... 3 2. TERMS AND DEFINITION... 3 3. PURPOSE... 5 4. SCOPE... 5 5. POLICY STATEMENT... 5 6. REQUIREMENTS... 5 7. OPERATIONS... 6 8. CONFIGURATION...

More information

THE TOP SECURITY QUESTIONS YOU SHOULD ASK A CLOUD COMMUNICATIONS PROVIDER

THE TOP SECURITY QUESTIONS YOU SHOULD ASK A CLOUD COMMUNICATIONS PROVIDER THE TOP SECURITY QUESTIONS YOU SHOULD ASK A CLOUD COMMUNICATIONS PROVIDER How to ensure a cloud-based phone system is secure. BEFORE SELECTING A CLOUD PHONE SYSTEM, YOU SHOULD CONSIDER: DATA PROTECTION.

More information

NineStar Connect MASS MARKET INTERNET SERVICE POLICIES AND CUSTOMER INFORMATION. Policy Statement:

NineStar Connect MASS MARKET INTERNET SERVICE POLICIES AND CUSTOMER INFORMATION. Policy Statement: Policy Statement: NineStar Connect MASS MARKET INTERNET SERVICE POLICIES AND CUSTOMER INFORMATION The following policies apply to mass market broadband Internet services offered by NineStar Connect. NineStar

More information

Secure Communication and VoIP Threats in Next Generation Networks

Secure Communication and VoIP Threats in Next Generation Networks International Journal of Computer and Communication Engineering, Vol. 2, No. 5, September 2013 Secure Communication and VoIP Threats in Next Generation Networks M. Hossein Ahmadzadegan, M. Elmusrati, and

More information

1 ABSTRACT 3 2 CORAL IP INFRASTRUCTURE 4

1 ABSTRACT 3 2 CORAL IP INFRASTRUCTURE 4 Coral IP Solutions TABLE OF CONTENTS 1 ABSTRACT 3 2 CORAL IP INFRASTRUCTURE 4 2.1 UGW 4 2.2 IPG 4 2.3 FLEXSET IP 5 2.4 FLEXIP SOFTPHONE 6 2.5 TELEPORT FXS/FXO GATEWAYS 7 2.6 CORAL SENTINEL 7 3 CORAL IP

More information

Mitigating the Security Risks of Unified Communications

Mitigating the Security Risks of Unified Communications 2009 International Conference on Computer Engineering and Applications IPCSIT vol.2 (2011) (2011) IACSIT Press, Singapore Mitigating the Security Risks of Unified Communications Fernando Almeida 1 +, Jose

More information

VoIP Security regarding the Open Source Software Asterisk

VoIP Security regarding the Open Source Software Asterisk Cybernetics and Information Technologies, Systems and Applications (CITSA) 2008 VoIP Security regarding the Open Source Software Asterisk Prof. Dr.-Ing. Kai-Oliver Detken Company: DECOIT GmbH URL: http://www.decoit.de

More information

Draft ITU-T Recommendation X.805 (Formerly X.css), Security architecture for systems providing end-to-end communications

Draft ITU-T Recommendation X.805 (Formerly X.css), Security architecture for systems providing end-to-end communications Draft ITU-T Recommendation X.805 (Formerly X.css), architecture for systems providing end-to-end communications Summary This Recommendation defines the general security-related architectural elements that

More information

VoIP Security: How Secure is Your IP Phone?

VoIP Security: How Secure is Your IP Phone? VoIP Security: How Secure is Your IP Phone? Dan York, CISSP Director of IP Technology, Office of the CTO Chair, Mitel Product Security Team Member, Board of Directors, VoIP Security Alliance (VOIPSA) ICT

More information

REVIEW ON RISING RISKS AND THREATS IN NETWORK SECURITY

REVIEW ON RISING RISKS AND THREATS IN NETWORK SECURITY REVIEW ON RISING RISKS AND THREATS IN NETWORK SECURITY Babul K Ladhe 1, Akshay R Jaisingpure 2, Pratik S Godbole 3, Dipti S Khode 4 1 B.E Third Year, Information Technology JDIET, Yavatmal ladhebabul23@gmail.com

More information

Solution Brief. Secure and Assured Networking for Financial Services

Solution Brief. Secure and Assured Networking for Financial Services Solution Brief Secure and Assured Networking for Financial Services Financial Services Solutions Page Introduction To increase competitiveness, financial institutions rely heavily on their networks to

More information

For Your Eyes Only: Protecting Data-in-Motion with Dispersive Virtualized Networks

For Your Eyes Only: Protecting Data-in-Motion with Dispersive Virtualized Networks For Your Eyes Only: Protecting Data-in-Motion with Dispersive Virtualized Networks Dispersive Technologies software and cloud-based virtualized networks deliver mission-critical communications over the

More information

Project Code: SPBX. Project Advisor : Aftab Alam. Project Team: Umair Ashraf 03-1853 (Team Lead) Imran Bashir 02-1658 Khadija Akram 04-0080

Project Code: SPBX. Project Advisor : Aftab Alam. Project Team: Umair Ashraf 03-1853 (Team Lead) Imran Bashir 02-1658 Khadija Akram 04-0080 Test Cases Document VOIP SOFT PBX Project Code: SPBX Project Advisor : Aftab Alam Project Team: Umair Ashraf 03-1853 (Team Lead) Imran Bashir 02-1658 Khadija Akram 04-0080 Submission Date:23-11-2007 SPBX

More information

Top Three POS System Vulnerabilities Identified to Promote Data Security Awareness

Top Three POS System Vulnerabilities Identified to Promote Data Security Awareness CISP BULLETIN Top Three POS System Vulnerabilities Identified to Promote Data Security Awareness November 21, 2006 To support compliance with the Cardholder Information Security Program (CISP), Visa USA

More information

Convergence Technologies Professional (CTP) Course 1: Data Networking

Convergence Technologies Professional (CTP) Course 1: Data Networking Convergence Technologies Professional (CTP) Course 1: Data Networking The Data Networking course teaches you the fundamentals of networking. Through hands-on training, you will learn the vendor-independent

More information

Voice over IP Basics for IT Technicians

Voice over IP Basics for IT Technicians Voice over IP Basics for IT Technicians White Paper Executive summary The IP phone is coming or has arrived on desk near you. The IP phone is not a PC, but does have a number of hardware and software elements

More information

SIP Security Controllers. Product Overview

SIP Security Controllers. Product Overview SIP Security Controllers Product Overview Document Version: V1.1 Date: October 2008 1. Introduction UM Labs have developed a range of perimeter security gateways for VoIP and other applications running

More information

Models of Secure VoIP Systems. VoIP Security Best Practice. Vol. II. Models of Secure VoIP Systems (Version: 1.2) NEC Corporation

Models of Secure VoIP Systems. VoIP Security Best Practice. Vol. II. Models of Secure VoIP Systems (Version: 1.2) NEC Corporation VoIP Security Best Practice (Version: 1.2) NEC Corporation Liability Disclaimer NEC Corporation reserves the right to change the specifications, functions, or features, at any time, without notice. NEC

More information

KISUMU LAW COURTS: SPECIFICATIONS FOR A UNIFIED COMMUNICATION SYSTEM / VOICE OVER INTERNET PROTOCOL (VOIP) SOLUTION. Page 54 of 60

KISUMU LAW COURTS: SPECIFICATIONS FOR A UNIFIED COMMUNICATION SYSTEM / VOICE OVER INTERNET PROTOCOL (VOIP) SOLUTION. Page 54 of 60 SPECIFICATIONS FOR A UNIFIED COMMUNICATION SYSTEM / VOICE OVER INTERNET PROTOCOL (VOIP) SOLUTION Page 54 of 60 UNIFIED COMMUNICATION SYSTEM (VOIP) PROPOSAL FOR KISUMU JUDICIARY COURTS. 1.0 PARTICULARS

More information

CS 665: Computer System Security. Network Security. Usage environment. Sources of vulnerabilities. Information Assurance Module

CS 665: Computer System Security. Network Security. Usage environment. Sources of vulnerabilities. Information Assurance Module CS 665: Computer System Security Network Security Bojan Cukic Lane Department of Computer Science and Electrical Engineering West Virginia University 1 Usage environment Anonymity Automation, minimal human

More information

Vulnerabilities in SOHO VoIP Gateways

Vulnerabilities in SOHO VoIP Gateways Vulnerabilities in SOHO VoIP Gateways Is grandma safe? Peter Thermos pthermos@vopsecurity.org pthermos@palindrometechnologies.com 1 Purpose of the study VoIP subscription is growing and therefore security

More information

nexvortex SIP Trunking Implementation & Planning Guide V1.5

nexvortex SIP Trunking Implementation & Planning Guide V1.5 nexvortex SIP Trunking Implementation & Planning Guide V1.5 510 S PRING S TREET H ERNDON VA 20170 +1 855.639.8888 Introduction Welcome to nexvortex! This document is intended for nexvortex Customers and

More information

The Trivial Cisco IP Phones Compromise

The Trivial Cisco IP Phones Compromise Security analysis of the implications of deploying Cisco Systems SIP-based IP Phones model 7960 Ofir Arkin Founder The Sys-Security Group ofir@sys-security.com http://www.sys-security.com September 2002

More information

T.V. SERVICE, INC., dba TVS CABLE MASS MARKET INTERNET SERVICE POLICIES AND CUSTOMER INFORMATION

T.V. SERVICE, INC., dba TVS CABLE MASS MARKET INTERNET SERVICE POLICIES AND CUSTOMER INFORMATION T.V. SERVICE, INC., dba TVS CABLE MASS MARKET INTERNET SERVICE POLICIES AND CUSTOMER INFORMATION The following policies apply to mass market broadband Internet services offered by T.V. Service, Inc., doing

More information

a) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN)

a) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN) MIS5206 Week 12 Your Name Date 1. Which significant risk is introduced by running the file transfer protocol (FTP) service on a server in a demilitarized zone (DMZ)? a) User from within could send a file

More information

VoIP Security. Customer Best Practices Guide. August 2015. 2015 IntelePeer

VoIP Security. Customer Best Practices Guide. August 2015. 2015 IntelePeer VoIP Security Customer Best Practices Guide August 2015 2015 IntelePeer Contents Contents... 2 Getting Started... 3 Pre-Deployment Considerations... 3 Preparation Check-List... 3 Common Security Threats...

More information

VoIP QoS. Version 1.0. September 4, 2006. AdvancedVoIP.com. sales@advancedvoip.com support@advancedvoip.com. Phone: +1 213 341 1431

VoIP QoS. Version 1.0. September 4, 2006. AdvancedVoIP.com. sales@advancedvoip.com support@advancedvoip.com. Phone: +1 213 341 1431 VoIP QoS Version 1.0 September 4, 2006 AdvancedVoIP.com sales@advancedvoip.com support@advancedvoip.com Phone: +1 213 341 1431 Copyright AdvancedVoIP.com, 1999-2006. All Rights Reserved. No part of this

More information

Voice over IP (VoIP) Vulnerabilities

Voice over IP (VoIP) Vulnerabilities Voice over IP (VoIP) Vulnerabilities The Technical Presentation Diane Davidowicz NOAA Computer Incident Response Team N-CIRT diane.davidowicz@noaa.gov "Security problems in state of the art IP-Telephony

More information

Indepth Voice over IP and SIP Networking Course

Indepth Voice over IP and SIP Networking Course Introduction SIP is fast becoming the Voice over IP protocol of choice. During this 3-day course delegates will examine SIP technology and architecture and learn how a functioning VoIP service can be established.

More information

20-CS-6053-00X Network Security Spring, 2014. An Introduction To. Network Security. Week 1. January 7

20-CS-6053-00X Network Security Spring, 2014. An Introduction To. Network Security. Week 1. January 7 20-CS-6053-00X Network Security Spring, 2014 An Introduction To Network Security Week 1 January 7 Attacks Criminal: fraud, scams, destruction; IP, ID, brand theft Privacy: surveillance, databases, traffic

More information

Top Defense Strategies and

Top Defense Strategies and E-Guide Top Defense Strategies and Security Considerations for Unified Communications (UC) Organizations turn to unified communications as a cost-effective alternative to traditional communication systems.

More information

TOPIC understanding VoIP vulnerabilities

TOPIC understanding VoIP vulnerabilities How Fragile is your VoIP Implementation? For a long time, telecommunications networks and telephony services have been a part of the critical information infrastructure. They have always had high requirements

More information