login | register
Sun 07 of Sep, 2008 [00:58 UTC]

voip-info.org

History

VOIP Security

Created by: admin,Last modification on Tue 20 of Nov, 2007 [17:30 UTC] by sandrogauci

VOIP Security Issues:

  • Interception of calls
  • Denial of Service Attacks
  • Theft of Service

Interception of Calls

VOIP phone calls are fairly easy to capture and decode if you one has physical access to a LAN segment that the VOIP packets travel accross. Fortunately, with most enterprises using Ethernet switches instead of hubs, there are a limited number of locations this is possible.

Countermeasures
  • Physical Security
  • Encryption - not yet widely available for VOIP services
  • Secure wireless networks

Denial of Service Attacks

Sending spurious traffic to VOIP services or endpoints to disrupt normal service.

Countermeasure
  • Some Session Border Controllers have DoS countermeasures built in.


Theft of Service


Countermeasures
  • Use Authentication features of VOIP protocols
  • Encryption
  • Physical security
  • Secure wireless networks

VoIP Security Forums


VoIP Security Training


See Also:

  • VOIP Phreaking Presentation at the 22nd Chaos Communication Congress
  • Best Practices for VoIP Security Whitepaper
  • VOIPSA threat taxonomy from VOIPSA
  • Tactical VoIP Independent security consultants offering contract VoIP security audit, secure design, and forensic investigation services. Available World-wide. Currently serves Fortune 500, Government, and Industrial clients.
  • VoIP Ninja Small group of ethical independent security researchers conducting real world security evaluations of VoIP devices as a public service effort to improve VoIP security. Completely independent effort and unaffiliated with any VoIP device vendors. Responsible and public disclosure of device vulnerabilities. Vulnerability information is not sold
  • SIP Security and the IMS Core - Whitepaper that looks at the security issues associated with deploying VoIP based on an IMS core and the need to create a survivable core.
  • IPsec in VoIP Networks - White Paper, looks at the different flavours of IPsec and the issues they encounter with NATs. Examines TISPANs selection of UDP encapsulated IPsec to provide signalling security, and authentication whilst still being able to achieve NAT traversal
  • SIPVicious - a blog covering VoIP security and focuses especially SIP related issues

Comments