VoIP (Voice Over IP) Security

From Computing and Software Wiki

(Difference between revisions)

Revision as of 03:37, 13 April 2008

VoIP (Voice over Internet Protocol) is a protocol used for the transmission of voice data across the Internet. IP telephony treats voice as another form of data that is compressed and optimized for network traffic and is vulnerable to attacks traditional data would be on the network. VoIP security is akin to network security; voice data traveling the network will look like any other normal data.

Corporations generally place VoIP concerns on the voice quality, latency, and quality of service above the overall security when VoIP telephony is actually more vulnerable to certain attacks compared to the traditional phone system. The most common threats found in the VoIP environment include eavesdropping, theft of services, and denial of service attacks. Has VoIP come far enough so that the benefits outweigh the costs to justify its use?

Introduction

To greater understand VoIP security, a general overview of VoIP systems is useful.

Components

A typical VoIP system includes four components:

**VoIP system Components**
Component	Description
Data Network	Must be high performance to avoid choppy communication Must be resilient in the sense that traffic congestion will not greatly effect voice quality QoS (Quality of Service) standard to prioritize voice traffic over data traffic DiffServ Layer 3 QoS mechanism Redefines 6-bits of the Type of Service byte in IP header DSCP (DiffServ Code Point) used to prioritize the IP packet 802.1p Layer 2 QoS mechanism Uses 3-bits of 802.1Q frame tag to prioritize an Ethernet frame
IP Handset	Handset has to be IP enabled so audio stream can be digitized to be transmitted on the IP network Uses Cat5 cable
Call Server	Application running on dedicated workstation Provides all call signaling Provides all call control functionality Core operating code of a PBX (Private Branch Exchange) transferred here
Gateway	Voice connectivity between IP network and public carrier network

Attacks

There are three main types of attacks that the VoIP environment are susceptible to including eavesdropping, theft of services, and denial of service attacks.

Eavesdropping

Theft of Services

Denial of Services

Recommendations

Although a network cannot be completely immune to attack, here are some recommendations to secure your VoIP network.

Do not user shared media devices (ie hubs) on networks
All VoIP traffic should be encrypted
VoIP servers with confidential information should be treated as a confidential database
Build redundancy into VoIP network.
Make sure firewall is VoIP aware

@@ Line 1: / Line 1: @@
-VoIP (Voice over Internet Protocol) is a protocol used for the transmission of voice data across the Internet.  IP telephony treats voice as another form of data that is compressed and optimized for network traffic and is vulnerable to attacks traditional data would be on the network.  VoIP security is akin to network security; voice data traveling the network will look like any other normal data.
+'''VoIP''' (Voice over Internet Protocol) is a protocol used for the transmission of voice data across the Internet.  IP telephony treats voice as another form of data that is compressed and optimized for network traffic and is vulnerable to attacks traditional data would be on the network.  VoIP security is akin to network security; voice data traveling the network will look like any other normal data.
 Corporations generally place VoIP concerns on the voice quality, latency, and quality of service above the overall security when VoIP telephony is actually more vulnerable to certain attacks compared to the traditional phone system.  The most common threats found in the VoIP environment include eavesdropping, theft of services, and denial of service attacks.  Has VoIP come far enough so that the benefits outweigh the costs to justify its use?
@@ Line 5: / Line 5: @@
 ==Introduction==
-VoIP has the immediate benefits of reduced costs of operations to corporations with the dual use of the existing data networks already in place for voice and data packets contrast to the more expensive alternative of a separate traditional phone line network from the data network.
+To greater understand VoIP security, a general overview of VoIP systems is useful.
+===Components===
+A typical VoIP system includes four components:
+{| border="5" cellspacing="5" cellpadding="2" align="left"
+|+ '''VoIP system Components'''
+! Component !! Description
+|-
+|
+'''Data Network'''
+|
+* Must be high performance to avoid choppy communication
+* Must be resilient in the sense that traffic congestion will not greatly effect voice quality
+* QoS (Quality of Service) standard to prioritize voice traffic over data traffic
+** DiffServ
+*** Layer 3 QoS mechanism
+*** Redefines 6-bits of the Type of Service byte in IP header
+*** DSCP (DiffServ Code Point) used to prioritize the IP packet
+** 802.1p
+*** Layer 2 QoS mechanism
+*** Uses 3-bits of 802.1Q frame tag to prioritize an Ethernet frame
+|-
+|
+'''IP Handset'''
+|
+* Handset has to be IP enabled so audio stream can be digitized to be transmitted on the IP network
+* Uses Cat5 cable
+|-
+|
+'''Call Server'''
+|
+* Application running on dedicated workstation
+* Provides all call signaling
+* Provides all call control functionality
+* Core operating code of a PBX (Private Branch Exchange) transferred here
+|-
+|
+'''Gateway'''
+|
+* Voice connectivity between IP network and public carrier network
+|}
+<br style="clear:both;"/>
 ==Attacks==

VoIP (Voice Over IP) Security

From Computing and Software Wiki

Revision as of 03:37, 13 April 2008

Contents

Introduction

Components

Attacks

Eavesdropping

Theft of Services

Denial of Services

Recommendations

References

See Also

External Links

Views

Personal tools

Navigation

Search

Toolbox