110 likes | 212 Views
A Listener Among the Static:. Security and Voice over IP. Christian Prescott Gabriel Fair. Contents. About VOIP Security Threats Solutions. About VOIP. VoIP protocols have been in development since the early 1990s and have developed with technology to become more secure
E N D
A Listener Among the Static: Security and Voice over IP Christian Prescott Gabriel Fair
Contents About VOIP Security Threats Solutions
About VOIP VoIP protocols have been in development since the early 1990s and have developed with technology to become more secure H.323 remains in use in many corporate VOIP networks Session Initiation Protocol is a widely implemented standard used in VoIP communications to setup and tear down phone calls Many consumer VoIP solutions do not support encryption, although having a secure phone is much easier to implement with VoIP than traditional phone lines, it still takes time, maintenance and money. As a result, it is relatively easy to eavesdrop on VoIP calls and even change content of the call
Threats VoIP deployments are vulnerable to the same internal and external threats that plague any enterprise data local area network (LAN) or Wide Area Network (WAN). Also vulnerable to all of the same threats as a standard phone line.
Threats • Eavesdropping • Authentication • Security of logs • Weak points in network architecture
VoIP has strict performance requirements that make it very susceptible to DoS attacks • Automated Telephony Denial of Service (TDoS) • Socially Organized TDoS • Social Engineering & Financial Fraud • Toll Fraud Threats
VoIP is cheaper than PSTN and is now available anywhere with internet • Caller ID can be easily spoofed and controlled • Asterisk, the popular open source VoIP for PBXs is widely used and free • VoIP in a box enables criminals to move operations to anywhere, even the local coffee shop or library How VoIP makes Phising Easier
Thermos, Peter. "Examining Two Well-Known Attacks on VoIP." Web log post. CircleID. N.p., 5 Apr. 2006. Web. 4 Dec. 2012. <http://www.circleid.com/posts/examining_two_well_known_attacks_on_voip1/>. United States of America. U.S. Department of Commerce. National Institute of Standards and Technology. Security Considerations for Voice over IP Systems. By D. R. Kuhn, Thomas J. Walsh, and Steffen Fries. N.p.: n.p., n.d. Print. Weiss, Eric. Security Concerns with VOIP. Tech. N.p.: SANS Institute Infosec Reading Room, 2001. Print. Resources