Login Signup
Verified Document

Voice Over IP VOIP Security Term Paper

Related Topics:
Port Security Forgery Internet Protocol Cisco Systems
Open Document Cite Document

Voice over IP (VoIP) Security Voice over Internet Protocol or VoIP refers to making use of telephone services over that of the computer networks. During the first part of the process, the VoIP makes an analog signal which is evolved from the speaker's voice. It is then transferred to a digital signal and further transfers over that of an IP network and this is well inclusive of the Internet. Voice over Internet Protocol is also inclusive of any types of software, hardware, or even that of the protocol which could be linked to VoIP. There are very many examples which could be found relating to VoIP technologies which are being widely in use and there are several of these technologies being provided by various companies. Their various systems have the necessity to make use of analog telephone adapters in such a manner so that the standard type of telephones could be used on various IP networks. Another method of using it is by means of implementing the software's and what it needs for this purpose is that of a PC and headphones. There are also various open source applications of this technology that promote the use of a complete system of PBX functionality.

Analysis:

One of the important things is checking the quality of speech that is going to go through a VoIP system or is combined with other systems. This has led to the development of new systems like QPro, which measures quality. It also enables the simulation of systems at various levels and offers a detailed measurement and assessment of the tested network or system component. The online statistics and results are displayed as in Figure 1. It makes analysis of the quality of calls and this is displayed in reference and network degraded waveforms as shown in figure 2. It can also be seen as voice distortion graphs as shown in Figure 3. The end results of end causes distribution and success graphs can be shown as in Figure 4. The entire circuit can also be shown as a Figure as in Figure 5. These are just analysis of VoIP systems, but do not have to do anything to do much that of with security directly. (VoIP Performer- QPro - Ultimate Speech Quality Performance Testing)

According to information from Gartner, it is stated that by the year 2007, 97% of new phone systems which are installed in North America will be VoIP-based or hybrid. Despite the apparent ease-of-use of VoIP, the technology behind it contains a complex set of protocols, applications and appliances that should receive careful security attention. ISS has warned that security dangers regarding VoIP will continue to increase as the system becomes more popular. Internet Security Systems -- ISS has announced it has now provided protection for flaws the company discovered in VoIP technology that had been offered by Cisco, who are one of the top providers of VoIP technology. (Internet Security Systems Discovers Critical Flaws in VoIP Infrastructure; Company Provides Protection for Customers against VoIP Vulnerabilities)

The most recent discovery of VoIP security flaws has been by ISS X-Force (R) team within the systems of Cisco's Call Manager, and that is a necessary component to the functioning of any Cisco VoIP software, since it performs tasks like call signaling and call routing. These vulnerabilities are attacked and the party is able to trigger a heap overflow within a critical Call Manager process. This causes both a denial of service condition and enables the attacker to completely compromise the Call Manager server. This could result in the attacker to redirect calls or eavesdrop, as well as gain unauthorized access to networks and machines running Cisco VoIP products. Compromise of VoIP networks and machines may result in exposure of confidential information, loss of productivity and also network compromise. The full ISS X-Force advisory on these flaws can be found at: http://xforce.iss.net/xforce/alerts/id/200. (Internet Security Systems Discovers Critical Flaws in VoIP Infrastructure; Company Provides Protection for Customers against VoIP Vulnerabilities)

Even though it could be said that a wide range of making use of VoIP has evolved during the last several years, still the ideas which are at the back of VoIP could be considered as a relatively innovative approach and application of that of the old concepts. Packet switched data networks have been found to prevail for a considerably sufficient amount of time, and making use of these networks for the purpose of sending voice traffic to and for was an activity that was waiting to prevail. Multiple protocols for the purpose of managing VoIP traffic have been evolved,...

The National Institute of Standards and Technologies -- NIST have come out with a white paper that gives an improved idea of these protocols, and they are inclusive of detailed security analyses for each of the protocols. (Security Considerations for Voice over IP Systems)
Recent research, on the Cisco 7900 series VoIP phones, by Secure Test have revealed about security concerns which ar eto be taken seriously. Secure Test has separately tested the Cisco 7900 since this is probably the most widely used enterprise VoIP solution. Similar problems may as well be present in other vendor products. The systems were found susceptible to both DoS -- denial of service attacks and interception. It is now clear that when phone systems are transferred to an IP network they are susceptible to several of the same security concerns as Ethernet data networks. The more dangerous part of it is that phone systems may be difficult or even impossible to patch. Like several other IP devices Cisco's VoIP phones are vulnerable to ARP -- Address Resolution Protocol spoofing, allowing what is called 'man-in-the-middle' attacks and that includes data interception and packet injection. This means that any VoIP phone can be tapped by anybody else who uses a phone on the same network, and that any individual VoIP phone can crash easily and any VoIP network infrastructure is highly susceptible to DoS attacks. (Allsopp, 2004)

The modern business world is becoming more data-centric than ever before, yet, voice still rules as king. If a person wants to create a client relation, attain a business deal or discuss sensitive information, then it would be normally done over a voice network. At the same time, voice over IP can run foul of traditional security challenges that involve modern data communications, and that includes address spoofing for hijacking a phone number, or Denial of Service -- DoS attacks. This is possible due to a flaw of TCP/IP when the establishing of a connection takes place. Deploying a firewall will take care of such traditional assaults, but cannot deal with the more targeted attack taking place from sniffers and eavesdroppers. Eavesdroppers can easily get special software designed to convert miss-configured IP phone conversations into wave files, which can be played back on ordinary sound players. To take care of such activities and secure voice calls, businesses need to think about encrypting voice. One way is to do this via a virtual private network -- VPN tunnel, which may use AES or DES -- Data Encryption Standard. This will ensure encryption of the signaling and streaming components of a VoIP call. Another option is to make use of secure real time protocol -- SRTP for encrypting the streaming side of the VoIP call. (Porter, 2005)

During the last year, a lot of noise has been made about the alleged security failings of VoIP. The press has continuously warned about voice spam, spyware, phishing, eavesdropping, and Denial of Service -- DoS attacks. There is also a feeling that the firewall and carrier communities are promoting much of this coverage, and they have a vested self-interest in showing VoIP security situation as very gloomy. In fact, VoIP security is probably no worse in comparison to the security of e-mail and traditional phone networks and may be expected to dramatically improve in the future years. The situation today is that most VoIP networks today are independent of one another and this is due to the wide majority of enterprise VoIP networks not accepting external VoIP calls. This makes these networks even more protected against phishing, spam, and forgery of identity. (Mahy, 2005)

Again, the very properties of voice make it an inherently less interesting target for hackers when compared to data files or e-mails as voice cannot be searched or skimmed through. Eavesdropping in a traditional telephone network is comparatively straightforward and the attacker only requires access to the physical line and inexpensive equipment. In comparison, eavesdropping on VoIP in an IP network requires administrator access to the switch along with an attachment to the switch's span or monitoring port. Only this will permit the attacker to gather packets from another switch port. Against this, using a wireless network with a VPN or strong Layer-2 encryption such as Wi-Fi Protected Access -- WPA will provide better security. (Mahy, 2005)

Conclusion:

The technology is new and developing very fast, and this makes it difficult…

Continue Reading...
Sources used in this document:
REFERENCES

Allsopp, Wil. (22 March 2004) "VoIP - Vulnerability over Internet Protocol" Retrieved from http://www.net-security.org/article.php?id=667 Accessed 11 October, 2005

"Internet Security Systems Discovers Critical Flaws in VoIP Infrastructure; Company Provides

Protection for Customers against VoIP Vulnerabilities" (13 July, 2005) Business Wire. Retrieved from http://www.investors.com/breakingnews.asp?journalid=29005350

Accessed 11 October, 2005
58/SP800-58-final.pdf" http://csrc.nist.gov/publications/nistpubs/800-
the source of warnings about VoIP security carefully" Retrieved from http://www.itarchitect.com/shared/article/showArticle.jhtml?articleId=169400802&; classroom= Accessed 11 October, 2005
Porter, John. (4 April 2005) "Stolen Voices - The Challenge of Securing VoIP" Retrieved from http://www.net-security.org/article.php?id=779 Accessed 11 October, 2005
"VoIP Performer- QPro - Ultimate Speech Quality Performance Testing" Retrieved from http://www.sygnusdata.co.uk/2_part_radcom_perfvoip_qpro.htm
Cite this Document:
Copy Bibliography Citation

Related Documents

Essay
IP Address
Words: 554 Length: 2 Document Type: Term Paper

Private IP Address The use of a private IP address on a business computer network has a number of advantages, one being an improved network security as well as a corporate social responsibility of conserving public addressing space. These IP addresses are commonly used on local networks and are good for businesses that share data as well as voice information. The company's computer network will not connect to the internet with this

Read More
Essay
Ip Address and Security
Words: 3513 Length: 16 Document Type: Essay

Kris Corporation's parent domain (kris.local) and child domain (corp.kris.local) for the organization's AD infrastructure are running on Server 2008. The following are concerns related to AD: (1) Kris Corporation is concerned about running multiple domains, and (2) automobile manufacturers are asking Kris Corporation to use a single identity to procure orders in real time. The company has five locations in Atlanta (GA), Baltimore (MD), Chicago (IL), Seattle (WA) and San

Read More
Essay
TCP IP Protocol
Words: 1088 Length: 3 Document Type: Term Paper

TCP/IP Protocol Suite For the average computer user, TCP/IP probably doesn't mean a whole lot, except maybe when it comes to "configuring" their computer so they can get online, but without the TCP/IP protocol, the activity experienced on the Internet up until this point would not be possible. This paper will examine some of the components of the TCP/IP protocol and explore their uses as they apply to relevant parts

Read More
Essay
Ip Man The Grandmaster and Women in Kung Fu
Words: 4082 Length: 13 Document Type: Essay

Grandmaster and Gong Er: Wong Kar Wai's Ip Man and the Women of Kung Fu Wong Kar Wai's Grandmaster begins with a stylish kung fu action sequence set in the rain. Ip Man battles a dozen or so no-names before doing a one-on-one show with another combatant who appears to be at equal skill and strength. Ip Man handily defeats him and walks away unscathed. Thanks to fight choreography by Chinese

Read More
Essay
China IP China's Intellectual Property Rights Protections
Words: 1981 Length: 7 Document Type: Essay

China IP China's intellectual property rights protections have come a long way since 1978, but there remains room for improvement. While the de jure situation with respect to protecting intellectual property rights approaches Western standards, the enforcement or de facto situation is less encouraging. Western companies have a difficult time enforcing the patchwork of laws and often fail to win judgments significantly large to serve as a deterrent to IP thieves. There

Read More
Essay
Computer Forensic Investigation Making an
Words: 3228 Length: 12 Document Type: Research Paper

Typically, a database uses either the simple recovery model or the full recovery model. The full recovery model can be supplemented by switching to the bulk-logged recovery model before bulk operations." (Microsoft, 2010 P. 2). Meanwhile, our company will need to implement the full back up safeguard all our data. Under the full recovery model, the first step is to back up the transaction log. Combination of full back-up with

Read More

Sign Up for Unlimited Study Help

Our semester plans gives you unlimited, unrestricted access to our entire library of resources —writing tools, guides, example essays, tutorials, class notes, and more.

Get Started Now