Any device which is connected to the internet is susceptible to be hacked by the hackers. Voice over Internet Protocol (VoIP) is a transmission technology of sending voice communications and multimedia sessions over the internet. Therefore, VoIP telephone systems are also susceptible to attacks by the hackers. Hackers can institute denial-of-service attacks, record conversations, harvest customer data etc.
Another challenge for VoIP is call routing through network address translators (NAT) and firewalls. NAT is a process of changing network address information in IP packet headers for the purpose of remapping one IP address space to another.
VoIP uses Private Session Border Controllers (SBC) along with the firewalls to route the call from/to protected networks. SBC is a device which is used to control the signaling and media streams involved in setting up and tearing down the telephone calls.
SBC offers the following functions –
• Connectivity – It means different part of the network can communicate.
• Security – Protecting the network and the other devices from attackers.
• Regulatory – Providing support for regulatory environments such as emergency calls.
• Quality of Service (QoS) – QoS policy of network is implemented by SBC.
• Statistics – SBC collects information and statistics of a session.
Information about a call is almost as valuable as the voice content. For example, a negotiated signaling server used to manage and setup calls, might give in the information like a list of incoming and outgoing calls, their parameters and durations. Using just this information, an attacker could map all of the calls on your network, creating composite conversation records and user tracking.
Two security standards, the Secure Real-time Transport Protocol and the ZRTP are used for securing the VoIP.
Following goals are defined in terms of security –
• Authentication – to prevent fakes of communication partners and proof of data origin.
• Confidentiality – to protect personal data and transmitted information against unauthorized access.
• Integrity – to detect and protect personal data and transmitted information against being altered.