VoIP Security Threats9 min. 49 sec.
Voice over IP (VoIP) promises many benefits, but moving the phone service to an IP network can expose that service to a number of serious threats. This 10 minute podcast looks at just some of these threats.
Watch the Video
|
Security Considerations when Implementing IP Telephony in Enterprise Networks
Many enterprises, whether large or small, are now considering implementation of IP Telephony systems and services in their networks. What has been a separate circuitswitched telephony network on its own, is with the advent of IP Telephony suddenly a part of the IT and IP infrastructure, available and manageable as virtually any other application within that framework.
Read the Article
|
Firewall-Friendly VoIP Secure Gateway and VoIP Security Issues
In this paper, we explain the technologies of the VoIP Secure Gateway, which makes IP telephony protocols firewall-friendly and enables an enterprise IP-PBX service to interoperate with a consumer IP telephony service through a firewall. Also, we look at other security problems that need to be solved in order to expand IP telephony services in the future.
Read the Article
|
VoIP Security Challenges
With most major telecommunications carriers currently in the process of readying voice-over-IP (VoIP) services for mass deployment, it's clear that IP telephony is finally headed for prime time. However, the promise of mass VoIP consumption also increases the risk for widespread security violations, spawning a new sense of urgency to plug potential security holes now before hackers wreak havoc on corporate voice networks.
Read the Article
|
Secure Voice over IP
The purpose of this document is to give a general overview of Voice over IP (VoIP) and to explain the essential security issues surrounding a successful VoIP deployment. The scope includes the "big three" signaling protocols, vocoders, and the mechanisms used to secure VoIP.
Read the Article
|
Eavesdropping an IP Telephony Call
There are numerous excellent technical papers that highlight and discuss the security implications of deploying an IP Telephony solution [1]. This particular paper examines the area of call eavesdropping in a little more detail and outlines how the process of eavesdropping has changed as the PBX technology has evolved. This paper suggests that the art of call eavesdropping may be easier that ever before. Therefore, careful consideration is required before implementing an IP Telephony solution.
Read the Article
|
Security Concerns with VOIP
IP Telephony is a process that enables the transfer of voice data over a packet switched network as opposed to the traditional circuit switched networks of today's telephone companies. Companies are moving to this technology because it allows them to use their existing network infrastructure to carry both data and voice traffic. Savings come from eliminating the need to purchase new PBX equipment, and from reduced staff and maintenance costs because only one network needs to be supported. Other incentives for moving to VOIP are the possible savings from the cost of long distance per minute charges of sending voice traffic via existing carriers and the advantages of promised new features.
Read the Article
|
Security Analysis: Traditional Telephony and IP Telephony
Because of the technologies and skill sets involved, IP telephony transcends the traditional job boundaries of data communications and telecommunications. The goal of this paper is to take a step back and analyze the security implications of migrating from a traditional telephony architecture to an IP telephony architecture. The key components of the two architectures, the phones/stations and the PBX/Gatekeeper/Gateway, are analyzed for vulnerabilities snooping/eavesdropping, theft of service, and denial of service.
Read the Article
|
The RTP DOS Attack and its Prevention
The Real Time Transport Protocol (RTP) provides unreliable transport of real time media from a sender to one or more recipients. RTP sessions are typically set up through signaling protocols such as the Session Initiation Protocol (SIP) or the Real Time Streaming Protocol (RTSP). When RTP is set up with these protocols, a potential Denial of Service (DoS) attack is introduced. This attack allows an attacker to cause a flood of RTP packets to be sent towards a target. We describe this attack, and also show how it is effectively prevented using Interactive Connectivity Establishment (ICE), first introduced as a means of handling Network Address Translator (NAT) traversal.
Read the Article
|
IPT: Is Your VOIP Secure?
Voice-over-IP is rapidly becoming a mature technology. Audio quality, bandwidth usage, and convenience are all reaching acceptable levels. But are your VoIP calls secure?
Read the Article
|
