Security of VoIP phone systems comes up short – TechRepublic

Now let’s look at why VoIP needs help security-wise.

Security issues affecting VoIP

Several issues affect data networks and VoIP networks equally. That is probably why many IT professionals assume what works for the data LAN will work for VoIP.

Denial of Service (DoS): Though data and VoIP traffic have differences, the largest attack vector, denying availability, affects both traffic types equally. The difference being VoIP has an additional DoS attack vector: Spoofing the “Cancel Message.”



VoIP Security Slide


The above slide (courtesy of Jianqiang Xin and SANS Institute) depicts the process. In his research paper, Xin explained, “The attackers use cancellation of pending call set up signals including sending a CANCEL, GOODBYE, or PORT UNREACHABLE message. Doing so prevents the phone from completing the call, or hanging up.”

A different approach, but still an effective DoS attack.

Eavesdropping: Attackers can use Man in the Middle exploits to eavesdrop on data networks and VoIP networks alike. VoIP networks also appear to be more susceptible than PSTNs when it comes to eavesdropping. In his paper, Xin said, “Conventional telephone eavesdropping requires either physical access to tap a line, or penetration of a switch. With VoIP, opportunities for eavesdroppers increase dramatically because of the large number of nodes in the path between the connected nodes.”

via Security of VoIP phone systems comes up short – TechRepublic.

No Comments so far.

Leave a Reply