VoIP (Voice Over IP) Security

From Computing and Software Wiki

(Difference between revisions)
Jump to: navigation, search
Line 59: Line 59:
====Data Encryption====
====Data Encryption====
-
The most effective countermeasure to eavesdropping is data encryption.  As seen in class, there are many data encryption methods, some more effective than others.  However, all methods introduce overhead which can greatly effect the quality of the conversation by causing large packet loss and packet jitter.  Here are some common data encryption methods:
+
The most effective countermeasure to eavesdropping is data encryption.  As seen in class, there are many data encryption methods, some more effective than others.  However, all methods introduce overhead which can greatly effect the quality of the conversation by causing large packet loss and packet jitter.  Here are some common ways of implementing data encryption for VoIP:
-
* Data Encryption Standard(DES) [[Wikipedia:Data Encryption Standard|Data Encryption Standard]]
+
* Using software such as [http://zfoneproject.com/ Zfone]
-
*  
+
* Using VoIP clients with built in encryption such as Skype
 +
Skype comes with its own propriety encryption method.  Some other common methods include:
 +
[http://en.wikipedia.org/wiki/Data_Encryption_Standard Data Encryption Standard](DES)
 +
[http://en.wikipedia.org/wiki/Triple_DES Triple DES] (3DES),
 +
[http://en.wikipedia.org/wiki/Advanced_Encryption_Standard Advanced Encryption Standard] (AES)
 +
* Using a Virtual Private Network (VPN)
===Theft of Services===
===Theft of Services===

Revision as of 18:26, 13 April 2008

VoIP (Voice over Internet Protocol) is a protocol used for the transmission of voice data across the Internet. IP telephony treats voice as another form of data that is compressed and optimized for network traffic and is vulnerable to attacks traditional data would be on the network. VoIP security is akin to network security; voice data traveling the network will look like any other normal data.

Corporations generally place VoIP concerns on the voice quality, latency, and quality of service above the overall security when VoIP telephony is actually more vulnerable to certain attacks compared to the traditional phone system. The most common threats found in the VoIP environment include eavesdropping, theft of services, and denial of service attacks. Has VoIP come far enough so that the benefits outweigh the costs to justify its use?

Contents

Introduction

To greater understand VoIP security, a general overview of VoIP systems is useful.

Components

A typical VoIP system includes four components:

VoIP system Components
Component Description

Data Network

  • Must be high performance to avoid choppy communication
  • Must be resilient in the sense that traffic congestion will not greatly effect voice quality
  • QoS (Quality of Service) standard to prioritize voice traffic over data traffic
    • DiffServ
      • Layer 3 QoS mechanism
      • Redefines 6-bits of the Type of Service byte in IP header
      • DSCP (DiffServ Code Point) used to prioritize the IP packet
    • 802.1p
      • Layer 2 QoS mechanism
      • Uses 3-bits of 802.1Q frame tag to prioritize an Ethernet frame

IP Handset

  • Handset has to be IP enabled so audio stream can be digitized to be transmitted on the IP network
  • Uses Cat5 cable

Call Server

  • Application running on dedicated workstation
  • Provides all call signaling
  • Provides all call control functionality
  • Core operating code of a PBX (Private Branch Exchange) transferred here

Gateway

  • Voice connectivity between IP network and public carrier network
  • Can be taken over by hackers to make free calls


Attacks

There are three main types of attacks that the VoIP environment are susceptible to including eavesdropping, theft of services, and denial of service attacks.

Eavesdropping

Eavesdropping on VoIP calls involves third parties monitoring the call signal packets in which the hacker may learn of confidential information such as name, passwords, and other personal information. This is especially significant to businesses as corporate sensitive information may be revealed.

VoIP eavesdropping is easier accomplished that eavesdropping the traditional telephone line through physical wiretap since the hacker must physically place the wiretap. Since VoIP calls send data across the network, the hacker can sniff for packets anywhere along the network.

Data Encryption

The most effective countermeasure to eavesdropping is data encryption. As seen in class, there are many data encryption methods, some more effective than others. However, all methods introduce overhead which can greatly effect the quality of the conversation by causing large packet loss and packet jitter. Here are some common ways of implementing data encryption for VoIP:

  • Using software such as Zfone
  • Using VoIP clients with built in encryption such as Skype

Skype comes with its own propriety encryption method. Some other common methods include: Data Encryption Standard(DES), Triple DES (3DES), Advanced Encryption Standard (AES)

  • Using a Virtual Private Network (VPN)

Theft of Services

Denial of Services

Recommendations

Although a network cannot be completely immune to attack, here are some recommendations to secure your VoIP network.

  1. Do not user shared media devices (ie hubs) on networks
  2. All VoIP traffic should be encrypted
  3. VoIP servers with confidential information should be treated as a confidential database
  4. Build redundancy into VoIP network.
  5. Make sure firewall is VoIP aware

References

See Also

External Links

--Chenc8 13:29, 13 April 2008 (EDT)

Personal tools