VoIP Security Threats Explained
Keywords: voip security, voip, voip security threats, spit, sip registration hijacking
In a recent report issued by CompTIA, the Computer Technology Industry Association, 50% of small and medium sized businesses (SMBs) had very little trust in the security offered by VoIP vendors, or for that matter, voice over IP security in general.
It is true, having your voice and data running on the same infrastructure leaves your telecommunications particularly vulnerable to all the security threats inherent in an IP network. Viruses, Trojan Horses, and worms can all wreak havoc on a network, and having your voice network go down for even the shortest time is intolerable for most business.
That said, security has come a long way, and most attacks can be stopped at the gateway by a good network administrator. While attacks on VoIP networks in particular are by no means widespread, the possibilities are there, if not imminent, and pose a very real threat to the very time sensitive requirements of voice over IP.
The following is a compilation of just some of the security threats facing a voice over IP network, as well as some security measures that could be taken to prevent such attacks.
SPIT: The new Spam for VoIP
Most anybody that receives email is familiar with the term Spam. Who among us has not received dozens of unsolicited emails, clogging up our mailboxes and causing us to waste our valuable time? Laws have been made to reduce the clutter in our mailboxes, and major offenders have been fined heavily and in some cases put in jail.
Spam is basically the broadcasting of advertisements, announcements, or other unwanted messages, over a network or networks, ending up in the mail boxes of anyone that has an email address on that network. At worst, spam is frustrating for the recipient, and can also cause network problems utilizing a good majority of bandwidth that is meant for other things. As email applications are connectionless and not sensitive to time delay, eventually the recipient will receive their emails intact, albeit a few minutes later than it would normally take.
Spam over Internet telephony, otherwise known as SPIT, can have far greater consequences than email spam. Spitters that target VoIP gateways can use up the available bandwidth, severely disrupting Quality of Service and causing a major degradation in voice quality.
The open nature of VoIP phone calls makes it easy for spitters to broadcast audio commercials just as email advertisements are broadcast. On closed networks like Vonage or Skype, or even your companies LAN, it is a little more difficult as the spitter would have to hack into the network in order to implement the broadcast. It can, however, be done.
The ability to broadcast audio messages over a VoIP network is not, in itself, necessarily a bad thing. Companies should be able to get out important messages quickly, and on a broader scope, emergency services could easily communicate mandatory evacuations, or warn of impending disasters in the event of catastrophe.
While Spit is certainly a technical possibility, to date, we have not seen a lot of it. In 2004, the peer to peer VoIP network Skype got hacked into, and users were inundated with unsolicited audio messages. Shortly thereafter, Skype had found and closed the loophole in the network. One other legal recourse is to get on the national Do Not Call list, to prevent solicitors from bombarding your voice mail box
Eavesdropping
Probably one of the scariest vulnerabilities of VoIP is the ability of an outsider to eavesdrop on a private conversation. This concept is nothing new to IP data networks, and generally requires a packet analyzer to intercept IP packets, and in the case of VoIP, saving the data as an audio file. Hackers then have the ability to learn user ids and passwords, or worse, to gain knowledge of confidential business information.
While it is true that eavesdropping occurs on traditional telephone lines as well as cellular networks, for someone to tap into your home phone line pretty much requires a physical presence outside your house. In the case of an IP network, a hacker requires only a laptop, some readily available software, and the knowledge of how to hack into your network.
Security analysts have long used encryption techniques to protect the confidentiality of data traveling through an IP network, and the same concept holds true for voice packets. The challenge with voice is to encrypt strongly and quickly, to protect confidentiality and as not to slow down the packet flow.
Nevertheless, if someone really wants to listen in on your calls, no type of telecommunication is 100% secure.
Phishing the Waters of Voice over IP
Another variation of an email attack, Phishing is designed to trick a user into revealing sensitive data such as user names, passwords, bank accounts, credit cards, and even social security numbers. In the case of VoIP, the attack could come as a voice mail message urging you to call a designated number and provide your user information. Even if the call is automated, touch tones can be easily deciphered. Depending on what information they get, hackers can use it to access bank accounts, or to steal identities.
While you can program a PBX to restrict call backs to known phishers, as more users become familiar with the pitfalls of the Internet, it becomes common knowledge to never give out sensitive information to automated media, be it via data or voice.
SIP Registration Hijacking
The Session Initiation Protocol (SIP) is becoming widely accepted as the method for setting up VoIP phone calls. The process involves a Registrar (in some cases the company PBX itself), which maintains a database of all users subscribed to the network, and basically maps their telephone number to an IP address.
Registration hijacking occurs when the packet header of either party is intercepted by a hacker, who substitutes his IP address for that of the legitimate one. Attacks can take the form of fraudulent toll free calls, denial of service attacks that can render the users device useless, or a simple diversion of communication.
Spoofing
Another hack that is well known in data networks is spoofing Also known as a man in the middle attack, spoofing requires hacking into a network and intercepting packets being sent between two parties. Once the IP address or phone number of the trusted host is discovered, hackers can use this attack to misdirect communications, modify data, or in the case of Caller ID Spoofing, transfer cash from a stolen credit card number.
SIP registration hijacking is a form of spoofing. Both of these spoofs, as well as other hacks such as eavesdropping, can be prevented by employing encryption techniques at the call set up phase. Today, the up and coming mechanism to achieve this is to send SIP messages over an encrypted Transport Layer Security channel. Putting these two protocols together forms the acronym SIPS.
There is no doubt that IP networks can be, and are, hacked into. Since a converged network consists of data and voice, VoIP is as vulnerable as any application to these disruptions, but with a downtime tolerance of no more than 5 minutes a year, such interruptions are considered intolerable for voice applications.
As of today, most of these security threats are not wide spread, and are presented here as a what could happen in the future scenario. Industry experts agree that as voice over Internet telephony becomes more wide spread, malicious hacking attempts are bound to follow.
These and other security threats can be prevented by a vigilant network staff, using all the known security precautions typical of an IP network. No VoIP solution is secure out of the box, and must be locked down by using common sense approaches, including but not limited to changing default passwords, closing down unused ports and services, utilizing firewalls and VPNs for network communications, and diligent intrusion detection.
Michael Talbert is a certified systems engineer and web designer with over 7 years experience in the industry. For more information on VoIP telecommunications, visit the website at www.VoIP-Facts.net, or the VoIP Facts Blog at VoIP-Facts.net .
Previous Articles Highlighter:
10 At Home Preparations For Your First Baby (1)
5. Clean your house with a deep clean. Obviously this doesn't have to be you; it can be your partner. Knowing that you won't have to clean too much when you return is one less thing to worry about.
Could Exercise Really Help To Protect Against Skin Cancer? (2)
It has been established that exercise provides great benefits in ways there were not ever thought of. When combined with a healthy diet, regular exercise can dramatically help to produce healthy, glowing skin.
Should Men Still Look After Their Skin? (3)
From foams to gels, and simple plain old water, most men have tried them all. If you do experiment a lot with shaving products, you may have already noticed that shaving goes a lot more smoothly when you use an aloe based shaving cream or gel.
Have You Noticed The Popularity Of Male Grooming? (4)
I do not recommend using cuticle nippers or scissors because they will cause your cuticle to become thicker in time. Trim your nails using the nail clippers. This should not go into the corners of the nail as it can cause a variety of conditions (especially on toes when you cut the corners too deep).
The Properties Of Platinum Wedding Rings (5)
Mainly because platinum is a very tensile and malleable to work with making it far easier for a jeweller to stud the ring and vary the design style. Platinum wedding rings are also highly expensive and sought after with many of the rich and famous now wearing them.
VoIP Over WiFi For Businesses: Sending Voice Over The Wireless LAN (6)
With voice communications thrown into the mix, mobile users can stay in touch while roaming the property inside or out, and even on the road. The acceptance of the fixed to mobile convergence concept by the telecommunications industry only promises to fuel the fire for the adoption of VoIP over WiFi.
Creating A Great Foundation With Your Foundation (7)
This is because your face is a different shade than the skin on your hands and wrists. After you apply a small amount to your face, be sure to wait a few minutes in order to give the foundation a chance to dry and adjust to your skin.
Car Insurance Tips (8)
These points are worth considering even if most of us subscribe to the illusion that 'an accident is not going to happen to me because I drive carefully' You need to consider the scope of cover you require.
Find A Free Home Based Internet Business - Do Not Fall For A Scam (9)
You should be able to know if you can really trust someone or not by the time you begin to work with them. The best thing to do is to avoid the places and the people who you simply do not trust.
Beating Stay At Home Mom Isolation (10)
Start one of your own. It's all a chance to express yourself and at least virtually interact with people who share your interests. Some stay at home moms will insist to you that they never feel isolated, as though you shouldn't either.
Newer Articles Highlighter:
Lightweight Folding Bikes For The Convenience Of Your Everyday Transit (1)
Lightweight folding bicycle models of different sizes and styles are available in the market. You will need to select one fit for your requirement and style of riding. Electricity-driven folding bikes have also been launched by some manufacturers and if you are one of those reluctant bicycle-riders, you can simply whiz around on them.
Camper Van Hire Classics (2)
Many camper van hire companies now offer vans with conversions to LPG. This should at least half your fuel costs. One thing I should mention is that insurance cover for camper van hire can be expensive and you should know up front exactly what you are covered for.
Construction Waste Management (3)
And while this may sound too cheesy, construction waste management will make our mother earth proud. Hah, too cheesy indeed. Still, construction waste management is way to go.
Construction Management Study (4)
Construction management also refers to a business representation wherein a crew to a construction contract serves as a consultant to the construct, hereby providing design and advice of the construction.
Interested In An Accounting Career? (5)
Along with medical and health related careers, accounting professionals are among the group of professions that are projected to see a lot of growth over the next few years. Graduates of four year accountancy programs are earning 3.7% more in terms of starting pay straight out of college.
Hurricane Shutters May Save Your Life (6)
There are the colonial, Bahamas, accordion and roll down versions. These are all made from different types of material such as metal or wood. The cheapest among all of these is the vinyl version.
Value Management In Construction (7)
External challenge is important in achieving improvement in the construction industry. To date, all strategic and tactical workshops, facilitators who are external to the project team are involved. This is to make sure that there is no undue political or commercial pressure taken to bear on the project team.
Tips To A Successful Home Business (8)
Yet sadly, each many also give up and return to the workplace frustrated, angry and quite possibly with strained family ties. While it is not possible to please everyone, there are some distinct steps you can take to keep business and family separate yet at the same time meet all of their needs.
The History Of The Ragdoll (9)
Rag dolls with yarn hair should be closely tested and extra attention should be paid to embroidered details as well. If any of the dyes used in the doll bleed, you should wash the doll without getting these areas wet.
Getting The Most Out Of Your Travel Deals (10)
If you end up being sick in foreign country, your insurance back home might not cover it. Thus you might end up using your vacation budget on hospitalization. 12.