voipstudios

Overview

VoIP (Voice over Internet Protocol) uses the same paths as the network and Internet traffic; whereas it faces the same threats and challenges that are more commonly linked with the Internet. Viruses, Trojan horses, Worms, Denial of Service attack, call termination, eavesdropping, call hijacking, etc. are all possible threats on the VoIP network. Voice traffic in VoIP can now be hacked, attacked, degraded, re-routed and intercepted just like any data packet on the IP network.

In order to acquire full features of VoIP, the security and network infrastructure has to tackle the challenges emerging from the use of this technology.

Potential threats

VoIP technologies are subject to the same potential threats that any IP-based network faces. Some of the threats a VoIP technology may face includes –
• Man-in-the-Middle (MITM) attack.
• Call Termination.
• Call Hijacking.
• Denial of Service (DoS) attack.
• Password Cracking.
• Call Leaflet attack.
• Eavesdropping.

To protect against these threats, VoIP security solution needs to perform the following functions–

• Authentication of the peer.
• Securing the media channel.
• Securing the devices.
• Data protection and Integrity.
• Securing the signaling channel.

Protection against threats

The government and military organizations are using Secure Voice over IP (SVoIP), Secure Voice over Secure IP (SVoSIP) and Voice over Secure IP (VoSIP) to protect confidential communications. These are accomplished by using Type 1 encryption or Type 1 product like SIPRNet.

• Type 1 encryption (Type 1 product) – It is a classified system or device used for securing sensitive and classified information. It is certified by NSA (National security Agency). Type 1 certification is a rigorous process that includes testing and formal analysis of functional security, cryptographic security, emissions security (EMSEC/TEMPEST), tamper resistance and security of the product distribution and manufacturing process.

• Secret Internet Protocol Router Network (SIPRNet) – SIPRNet is used by the US Department of State and United States Department of Defense. It is a system of interconnected computer networks to transmit classified or secret information by packet switching over the TCP/IP protocols. It also provides services like electronic email and hypertext document access.