VOIP SECURITY AWARENESS

15. January 2012, 15:17 | by WD Milner

A recent conversation with a friend of mine prompted me to formalize part of our conversation. The subject? VoIP and security. This was prompted by his surprise when he discovered Skype bypassed his firewall using port 80 and that it could act as a relay for other Skype users while active.

There are generally two camps when it comes to VoIP security - the “perfectly safe” folks and the “dangerously vulnerable” folks. The former group tends to be made up of IP telephony people (vendors, suppliers, and the like) and the financial officers who see big savings over conventional telephony systems. The latter group tends to be made up of network and security technicians, and the inevitable doomsayers.

If one stops and considers for a moment, one realizes that, being based on IP, VoIP is basically another network application of the same general sort as e-mail or web applications. IP telephony systems consist of servers running the same operating systems as other enterprise software, client applications either on a personal computer or embedded in a handset, and gateway servers that make the transition from the network to the regular telephone system. They all use standard protocols, and the vast majority share the same data network as other data applications. Theoretically, therefore, they are as vulnerable and open to attack as any data application, from DoS to worms to SPAM. Add in man-in-the-middle and trust exploitation, not to mention toll fraud, and the glamour of easy, cheap telephony dims a little. Even when not directly aimed at the VoIP system, a viral attack on conventional services (such as SQL Slammer) can bring down VoIP systems by affecting services that VoIP depends on (in some cases, for example, SQL).

An unrelated VoIP problem is one of latency. To achieve high quality voice, the latency of a connection cannot exceed 150 milliseconds for one-way traffic. Voice encoding can take 20-30 milliseconds, and making a call cross country on a public network can take upwards of 130 milliseconds. Add in security measures such as encryption, firewalls, and intrusion detection systems, and latency becomes a major issue affecting voice quality. If you use VoIP only across an internal LAN, then latency becomes pretty much a non-issue, and security becomes easier to maintain by hardening servers, gateways, firewalls and intrusion detection systems. While many vendors recommend separating data and voice traffic, building a separate LAN for VoIP effectively negates any cost benefits from the technology.

One of the key aspects of protecting VoIP traffic is to encrypt it, and to avoid the use of “softphones” (applications that run on a personal computer) in favour of discrete handset units, which can provide some separation of data and voice and ease the use of a VLAN for the VoIP traffic. Once VoIP migrates beyond an easily controlled LAN environment to the internet and the number of users on the network climbs, the security risk does as well. Implementing effective security on such a scale becomes burdensome at best and impossible at worst.

While not widely publicized, firms such as BorderWare, a provider of VoIP security solutions, have in the past admitted that there have been attacks on call centres' and financial institutions' VoIP systems, but have obviously been reluctant to say outright who these may have been. As VoIP becomes more widespread, such occurrences can only increase, resulting in the same types of attacks, exploits and intrusions plaguing mainstream personal computer operations. Fortunately, it seems that the problems are being looked at early in deployments, and that may have the salutary effect of heading off all but the most determined and technical of risks. We can only hope.

- 30 -
