Voice Over IP VOIP Security Term Paper

Download this Term Paper in word format (.doc)

Note: Sample below may appear distorted but all corresponding word document files contain proper formatting

Excerpt from Term Paper:

Voice over IP (VoIP) Security

Voice over Internet Protocol or VoIP refers to making use of telephone services over that of the computer networks. During the first part of the process, the VoIP makes an analog signal which is evolved from the speaker's voice. It is then transferred to a digital signal and further transfers over that of an IP network and this is well inclusive of the Internet. Voice over Internet Protocol is also inclusive of any types of software, hardware, or even that of the protocol which could be linked to VoIP. There are very many examples which could be found relating to VoIP technologies which are being widely in use and there are several of these technologies being provided by various companies. Their various systems have the necessity to make use of analog telephone adapters in such a manner so that the standard type of telephones could be used on various IP networks. Another method of using it is by means of implementing the software's and what it needs for this purpose is that of a PC and headphones. There are also various open source applications of this technology that promote the use of a complete system of PBX functionality.


One of the important things is checking the quality of speech that is going to go through a VoIP system or is combined with other systems. This has led to the development of new systems like QPro, which measures quality. It also enables the simulation of systems at various levels and offers a detailed measurement and assessment of the tested network or system component. The online statistics and results are displayed as in Figure 1. It makes analysis of the quality of calls and this is displayed in reference and network degraded waveforms as shown in figure 2. It can also be seen as voice distortion graphs as shown in Figure 3. The end results of end causes distribution and success graphs can be shown as in Figure 4. The entire circuit can also be shown as a Figure as in Figure 5. These are just analysis of VoIP systems, but do not have to do anything to do much that of with security directly. (VoIP Performer- QPro - Ultimate Speech Quality Performance Testing)

According to information from Gartner, it is stated that by the year 2007, 97% of new phone systems which are installed in North America will be VoIP-based or hybrid. Despite the apparent ease-of-use of VoIP, the technology behind it contains a complex set of protocols, applications and appliances that should receive careful security attention. ISS has warned that security dangers regarding VoIP will continue to increase as the system becomes more popular. Internet Security Systems -- ISS has announced it has now provided protection for flaws the company discovered in VoIP technology that had been offered by Cisco, who are one of the top providers of VoIP technology. (Internet Security Systems Discovers Critical Flaws in VoIP Infrastructure; Company Provides Protection for Customers against VoIP Vulnerabilities)

The most recent discovery of VoIP security flaws has been by ISS X-Force (R) team within the systems of Cisco's Call Manager, and that is a necessary component to the functioning of any Cisco VoIP software, since it performs tasks like call signaling and call routing. These vulnerabilities are attacked and the party is able to trigger a heap overflow within a critical Call Manager process. This causes both a denial of service condition and enables the attacker to completely compromise the Call Manager server. This could result in the attacker to redirect calls or eavesdrop, as well as gain unauthorized access to networks and machines running Cisco VoIP products. Compromise of VoIP networks and machines may result in exposure of confidential information, loss of productivity and also network compromise. The full ISS X-Force advisory on these flaws can be found at: http://xforce.iss.net/xforce/alerts/id/200. (Internet Security Systems Discovers Critical Flaws in VoIP Infrastructure; Company Provides Protection for Customers against VoIP Vulnerabilities)

Even though it could be said that a wide range of making use of VoIP has evolved during the last several years, still the ideas which are at the back of VoIP could be considered as a relatively innovative approach and application of that of the old concepts. Packet switched data networks have been found to prevail for a considerably sufficient amount of time, and making use of these networks for the purpose of sending voice traffic to and for was an activity that was waiting to prevail. Multiple protocols for the purpose of managing VoIP traffic have been evolved, and these are like H.323, the Session Initiation Protocol -- SIP and the Real-Time Transport Protocol -- RTP. The National Institute of Standards and Technologies -- NIST have come out with a white paper that gives an improved idea of these protocols, and they are inclusive of detailed security analyses for each of the protocols. (Security Considerations for Voice over IP Systems)

Recent research, on the Cisco 7900 series VoIP phones, by Secure Test have revealed about security concerns which ar eto be taken seriously. Secure Test has separately tested the Cisco 7900 since this is probably the most widely used enterprise VoIP solution. Similar problems may as well be present in other vendor products. The systems were found susceptible to both DoS -- denial of service attacks and interception. It is now clear that when phone systems are transferred to an IP network they are susceptible to several of the same security concerns as Ethernet data networks. The more dangerous part of it is that phone systems may be difficult or even impossible to patch. Like several other IP devices Cisco's VoIP phones are vulnerable to ARP -- Address Resolution Protocol spoofing, allowing what is called 'man-in-the-middle' attacks and that includes data interception and packet injection. This means that any VoIP phone can be tapped by anybody else who uses a phone on the same network, and that any individual VoIP phone can crash easily and any VoIP network infrastructure is highly susceptible to DoS attacks. (Allsopp, 2004)

The modern business world is becoming more data-centric than ever before, yet, voice still rules as king. If a person wants to create a client relation, attain a business deal or discuss sensitive information, then it would be normally done over a voice network. At the same time, voice over IP can run foul of traditional security challenges that involve modern data communications, and that includes address spoofing for hijacking a phone number, or Denial of Service -- DoS attacks. This is possible due to a flaw of TCP/IP when the establishing of a connection takes place. Deploying a firewall will take care of such traditional assaults, but cannot deal with the more targeted attack taking place from sniffers and eavesdroppers. Eavesdroppers can easily get special software designed to convert miss-configured IP phone conversations into wave files, which can be played back on ordinary sound players. To take care of such activities and secure voice calls, businesses need to think about encrypting voice. One way is to do this via a virtual private network -- VPN tunnel, which may use AES or DES -- Data Encryption Standard. This will ensure encryption of the signaling and streaming components of a VoIP call. Another option is to make use of secure real time protocol -- SRTP for encrypting the streaming side of the VoIP call. (Porter, 2005)

During the last year, a lot of noise has been made about the alleged security failings of VoIP. The press has continuously warned about voice spam, spyware, phishing, eavesdropping, and Denial of Service -- DoS attacks. There is also a feeling that the firewall and carrier communities are promoting much of this coverage, and they have a vested self-interest in showing VoIP security situation as very gloomy. In fact, VoIP security is probably no worse in comparison to the security of e-mail and traditional phone networks and may be expected to dramatically improve in the future years. The situation today is that most VoIP networks today are independent of one another and this is due to the wide majority of enterprise VoIP networks not accepting external VoIP calls. This makes these networks even more protected against phishing, spam, and forgery of identity. (Mahy, 2005)

Again, the very properties of voice make it an inherently less interesting target for hackers when compared to data files or e-mails as voice cannot be searched or skimmed through. Eavesdropping in a traditional telephone network is comparatively straightforward and the attacker only requires access to the physical line and inexpensive equipment. In comparison, eavesdropping on VoIP in an IP network requires administrator access to the switch along with an attachment to the switch's span or monitoring port. Only this will permit the attacker to gather packets from another switch port. Against this, using a wireless network with a VPN or strong Layer-2 encryption such as Wi-Fi Protected Access -- WPA will provide better security. (Mahy, 2005)



Cite This Term Paper:

"Voice Over IP VOIP Security" (2005, October 13) Retrieved October 25, 2016, from http://www.paperdue.com/essay/voice-over-ip-voip-security-69648

"Voice Over IP VOIP Security" 13 October 2005. Web.25 October. 2016. <http://www.paperdue.com/essay/voice-over-ip-voip-security-69648>

"Voice Over IP VOIP Security", 13 October 2005, Accessed.25 October. 2016, http://www.paperdue.com/essay/voice-over-ip-voip-security-69648

Other Documents Pertaining To This Topic

  • Computers Voice Over Ip Voip Performance Testing

    Another option is to use a network simulator which is a device that allows you to exactly model the target network and then see the effect of changing key factors such as routing, link speeds and priorities (Voice-over-IP (VoIP) and network performance, 2007). The questions that arise after deployment include: is the VoIP system delivering adequate perceived voice quality? And Is the VoIP application affecting the performance of other applications?

  • Voice Over IP Assessing the

    Bibliography Bal Athwal, Fotios C. Harmantzis, & Venkata Praveen Tanguturi. (2010). Valuing Hosted VoIP services in the enterprise market: case application using real options. International Journal of Technology Management, 49(1-3), 250-271. Basaglia, S., Caporarello, L., Magni, M., & Pennarola, F.. (2009). Environmental and organizational drivers influencing the adoption of VoIP. Information Systems and eBusiness Management, 7(1), 103-118. Bayer, N., Xu, B., Rakocevic, V., & Habermann, J.. (2010). Application-aware scheduling for VoIP in Wireless

  • Voice Over Internet Protocol Report

    With the growth of VoIP, new requirements are brought forwarded, such as providing communication between a PC-based soft phone and a phone on PSTN. Such requirements strengthen the need for a standard for IP telephony. Same as other technologies, there are various standards proposed to be accepted by the industry. Two major standard bodies which govern the multimedia transmission over IP network are: International Telecommunications Union (ITU) Internet Engineering Task Force

  • Voice Over Internet Protocol Voip

    Fundamentally, proxy servers get SIP messages and redirect them to the next SIP server in the network. Proxy servers are able to provide operations like authentication, authorization, network access control, routing, reliable request transmission, and security. (ii) Redirect server: Gives the client with information regarding the nest hop or hops which the message must take and subsequently the client contacts the next hop server and UAS directly. (iii) Registrar

  • Voice Over WiFi Technology Nowadays

    " The problem with these primitive models is that they are still mainly oriented on data retrieval rather than optimal voice transmission. However, research is well on the way and it seems that it will be less than a year before we can talk about Voice over WiFi or VoWiFi. On the other hand, it is obvious that there are several problems that the VoWiFi providers will have to deal with

  • VOIP Advantages Disadvantages and Security

    12). Each would require however separate DHCP servers so that firewall protection could be easily integrated within the system (Kuhn, Walsh & Fries, 2005; Flatland, 2005). H.323 SIP and other VOIP protocols can be disconnected at the voice gateway that interfaces with the PSTN to allow for stronger authentication and access control on the gateway system (Kuhn, Walsh & Fries, 2005). However this can make key management problematic. Other

  • Voice Technologies the Past Standards

    Currently, all the traffic among the different units passes via the novel centers and because of this Grant Thornton was also capable of reducing most of the fixed point-to-point circuits which had linked nearly all of its units. The savings made throughout its 50 units was a phenomenal $300.000 annually for the entire company. Besides, with the complete elimination of the long-distance costs, Grant Thorton was able to make

Read Full Term Paper
Copyright 2016 . All Rights Reserved