Securing VoIP – Part 2 – Technology

Security risks involved in VoIP implementation include denial of service (DoS), service theft, unauthorized call monitoring, call routing manipulation, identity theft and impersonation, among others. Not only does VoIP inherit all data network security risks, but it also introduces new threat vectors related to the emerging and untested technology and protocols associated with VoIP. These new threat vectors in turn increase the risk to the data network. It should also be noted that vulnerabilities in the network infrastructure can affect the security and availability of the VoIP network. For example, products from certain switch and router makers have fatal flaws that could let hackers craft denial of service attacks to disrupt enterprise networks.

Minimal steps for securing VoIP Networks

1. Separate voice and data on different logical networks (VLANs)

2. Separate DHCP servers

3. Use strong authentication and access control on the voice gateway system

4. Incorporate VoIP-aware application-level gateways and firewalls

5. Use IPsec or SSH for remote management

6. Encrypt voice traffic
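An added example, not part of the original article: one way to check steps 1, 2, 5 and 6 of the list above against a device inventory. The inventory, host names, addresses and field names are constructed assumptions.

```python
from collections import defaultdict

# Constructed inventory (hypothetical hosts and field names, not from the article).
INVENTORY = [
    {"host": "phone-101", "role": "voice", "vlan": 20, "dhcp": "10.0.20.2",
     "mgmt": ["ssh"], "media_encrypted": True},
    {"host": "phone-102", "role": "voice", "vlan": 10, "dhcp": "10.0.10.2",
     "mgmt": ["telnet"], "media_encrypted": False},
    {"host": "pc-7", "role": "data", "vlan": 10, "dhcp": "10.0.10.2",
     "mgmt": ["ssh"], "media_encrypted": None},
    {"host": "gw-1", "role": "voice", "vlan": 20, "dhcp": "10.0.20.2",
     "mgmt": ["ssh", "http"], "media_encrypted": True},
]

ALLOWED_MGMT = {"ssh", "ipsec"}  # step 5: IPsec or SSH for remote management


def audit(inventory):
    """Return sorted (step, subject, problem) findings for steps 1, 2, 5 and 6."""
    findings = []
    roles_by_vlan = defaultdict(set)
    roles_by_dhcp = defaultdict(set)
    for dev in inventory:
        roles_by_vlan[dev["vlan"]].add(dev["role"])
        roles_by_dhcp[dev["dhcp"]].add(dev["role"])
        # Step 5: flag any management protocol other than IPsec or SSH.
        for proto in sorted(set(dev["mgmt"]) - ALLOWED_MGMT):
            findings.append((5, dev["host"], f"management over {proto}"))
        # Step 6: voice devices must encrypt their voice traffic.
        if dev["role"] == "voice" and not dev["media_encrypted"]:
            findings.append((6, dev["host"], "voice traffic not encrypted"))
    # Step 1: a VLAN must not carry both voice and data devices.
    for vlan, roles in roles_by_vlan.items():
        if {"voice", "data"} <= roles:
            findings.append((1, f"vlan {vlan}", "voice and data share a VLAN"))
    # Step 2: a DHCP server must not serve both voice and data devices.
    for server, roles in roles_by_dhcp.items():
        if {"voice", "data"} <= roles:
            findings.append((2, f"dhcp {server}", "serves voice and data"))
    return sorted(findings)


if __name__ == "__main__":
    for step, subject, problem in audit(INVENTORY):
        print(f"step {step}: {subject}: {problem}")
```

Steps 3 and 4 are left out because they depend on gateway and firewall configuration rather than on a per-device inventory.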

In addition, a multi-layered security solution must be implemented to prevent TCP/UDP-based attacks, operating system vulnerability attacks, protocol flaws, device configuration flaws and VoIP application flaws. A robust solution should allow for deep packet inspection of the packet payload to recognize known attacks, anomalies or suspected attacks based on known vulnerabilities. Potentially, every component of a VoIP system may be vulnerable. These include the protocols, IP infrastructure (routers, switches), IP/PBXs (private branch exchanges), VoIP-specific servers, and individual phones or “soft phones” (a PC with a headset). The table below gives an overview of the security that can be provided at different layers in order to mitigate the risks involved.

VoIP Security Measures
