Saturday, September 13, 2008


Many consumer VoIP solutions do not support encryption yet, although a secure phone is much easier to implement with VoIP than over traditional phone lines. As a result, it is relatively easy to eavesdrop on VoIP calls and even change their content.[15] An attacker with a packet sniffer could intercept your VoIP calls if you are not on a secure VLAN. This security vulnerability could lead to Denial of Service (DoS) attacks against you and anyone on your network. The DoS would devastate your phone network by creating a continuing busy signal and forced disconnects.

Viper Lab predicts that VoIP attacks against service providers will escalate as unlicensed mobile access technology becomes more widely deployed to allow calls to switch from cell networks to VoIP networks. Viper Lab warns that "service providers are, for the first time, allowing subscribers to have direct access to mobile core networks over IP, making it easier to spoof identities and use illegal accounts to launch a variety of attacks."[16]

There is no such thing as a 100% secure solution to network security. The implementation of voice over Internet Protocol just adds to that complexity by giving hackers another means to access your system. Customers can secure their network by limiting access to the virtual local area network, thus hiding their voice data network from the users. A customer who maintains a secure and properly configured gateway can keep most of the hackers out.

There are several open source solutions that facilitate sniffing of VoIP conversations. A modicum of security is afforded by patented audio codecs that are not easily available for open source applications; however, such security through obscurity has not proven effective in the long run in other fields. Some vendors also use compression to make eavesdropping more difficult. However, real security requires encryption and cryptographic authentication, which are not widely available at a consumer level.
The existing secure standard SRTP and the new ZRTP protocol are available on Analog Telephone Adapters (ATAs) as well as various softphones. It is possible to use IPsec to secure P2P VoIP by using opportunistic encryption. Skype does not use SRTP, but uses encryption which is transparent to the Skype provider.
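
The following added example, not part of the original post, audits the SDP body of a SIP call to tell whether each audio stream is offered as SRTP, advertises ZRTP, or is plain RTP that a packet sniffer can read. The SDP samples, the key and hash placeholders, and the verdict labels are constructed for illustration; only SDES (`a=crypto`) and ZRTP (`a=zrtp-hash`) signaling are checked, and DTLS-SRTP is not covered.

```python
import re

SRTP_PROFILES = {"RTP/SAVP", "RTP/SAVPF"}  # RTP/AVP and RTP/AVPF are cleartext RTP

# Constructed SDP bodies (addresses, key and hash values are placeholders).
HEAD = "v=0\no=- 1 1 IN IP4 192.0.2.10\ns=-\nc=IN IP4 192.0.2.10\nt=0 0\n"
SAMPLES = {
    "plain": HEAD + "m=audio 49170 RTP/AVP 0 8\na=rtpmap:0 PCMU/8000\n",
    "sdes": HEAD + "m=audio 49172 RTP/SAVP 0\n"
            "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED-KEY-PLACEHOLDER\n",
    "zrtp": HEAD + "m=audio 49174 RTP/AVP 0\na=zrtp-hash:1.10 CONSTRUCTED-HASH\n",
}

def audit_sdp(sdp):
    """Return one finding per audio stream in an SDP offer or answer."""
    findings, cur = [], None
    for raw in sdp.splitlines():
        line = raw.strip()
        m = re.match(r"m=(\S+) (\d+)(?:/\d+)? (\S+)", line)
        if m:
            cur = None  # attributes that follow belong to this new media section
            if m.group(1) == "audio":
                cur = {"port": int(m.group(2)), "profile": m.group(3),
                       "sdes": False, "zrtp": False}
                findings.append(cur)
        elif cur is not None and line.startswith("a=crypto:"):
            cur["sdes"] = True  # SRTP key offered in signaling (needs SIP over TLS)
        elif cur is not None and line.startswith("a=zrtp-hash:"):
            cur["zrtp"] = True  # endpoint advertises ZRTP key agreement
    for f in findings:
        if f["profile"] in SRTP_PROFILES:
            f["verdict"] = "srtp" if f["sdes"] else "srtp-no-key"
        elif f["sdes"]:
            f["verdict"] = "srtp-optional"  # peer may fall back to cleartext
        elif f["zrtp"]:
            f["verdict"] = "zrtp-capable"   # keys agreed in the media path
        else:
            f["verdict"] = "cleartext"      # audio readable by anyone on the path
    return findings

if __name__ == "__main__":
    for name, sdp in SAMPLES.items():
        for f in audit_sdp(sdp):
            print(name, f["port"], f["profile"], f["verdict"])
```

A `cleartext` verdict on a network segment shared with untrusted hosts is the case the paragraphs above describe: the call can be captured unless the voice VLAN or an IPsec tunnel protects it.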

The Voice VPN solution provides secure voice for enterprise VoIP networks by applying IPsec encryption to the digitized voice stream.
