What is VoIP?
VoIP transfer voice signal over IP based network. First, human voice needs to be converted to digital bits and encapsulated in packets, which are transmitted using IP network and converted back to voice signal at the destination. Secondly, there should be a way to identify each entity in the network like phone number in traditional telephone system. Thirdly, VoIP entities need to be able to communicate with telephones of PSTN.
VoIP Security Issues
Below Listed are some of the VoIP Security Issues -
• Phishing
• Call Hijacking
• Call Tampering
• Malware and Viruses
• Eavesdropping
• Denial of Service
• Man-in-the-Middle Attacks
• ID Spoofing
• Audio Spam
VoIP Security Countermeasures
Below Listed are some of the VoIP Security Countermeasure -
• Encryption of voice message packets can protect against eavesdropping. IPsec can be deployed to encrypt whole packets. SRTP can provide confidentiality, message authentication and replay protection for audio and video streams.
• Stronger authentication schemes are the solutions to registration spoofing, proxy impersonating and call hijacking. To mitigate this type of attacks, software patching is crucial to fix any known vulnerabilities.
• To mitigate VoIP signaling and media DoS attacks, strong authentication is the key. VoIP components need to make sure that they are communicating with legitimate counterparts. VoIP firewall should also be implemented to monitor streams and filter out abnormal signals and RTP packets. Media and signal rate limits can be set by observing normal traffic patterns.
• To mitigate physical DoS attacks, strict physical security schemes should be implemented with restricted areas, access control, locks, guard, etc. To guarantee continuous power supply, backup power generation system should be available.
References
• https://www.voicenext.com/blog/voip-security-issues/
• https://www.sans.org/reading-room/whitepapers/voip/security-issues-countermeasure-voip-1701 http://www.voip-info.org/wiki/
Nov 11,2020
Nov 15,2020
Nov 05,2020
Copyright @SecurWires. Designed & Developer By MindScript