login | register
Sat 17 of May, 2008 [12:09 UTC]

voip-info.org

Navigation
Today's Deals
Recently Visited Pages
Search with Google
Search this site with Google. Results may not include recent changes.
 
Google Ads
Last Changes
Shoutbox
  • Juan Ortega, Thu 15 of May, 2008 [10:33 UTC]: Hi everybody, I'm Juan, an ITCom student, and I need to know what basic elements I need to create a VoIP network. Can anybody helpme, please?,Thank you very much
  • gineta, Wed 14 of May, 2008 [03:58 UTC]: any here not fine the configuration of firewall juniper -screem for VOIP asterisk????
  • Anoop Prabhakaran, Tue 13 of May, 2008 [12:16 UTC]: I am developing Asterisk IVR, Whenever i make a internation call to the IVR system, the DTMF is not getting detected properly, this happens only for the first time, second call onwards system works fine. why this is happening
  • joe, Mon 12 of May, 2008 [04:27 UTC]: Is there an opensource browser based softphone, or a system like Busta where everything is not manages through their website?
  • Nick Barnes, Fri 09 of May, 2008 [11:36 UTC]: Christopher - yesterday I tried an Asterisk install on a CentOS 5.1 box with stock GUI and it all worked fine. Sorry I can't help.
  • aero, Fri 09 of May, 2008 [08:20 UTC]: can someone help me out on this, i tried to play some sound files on my asterisk box and this is the error message i got. WARNING[4429]: format_wav.c:169 check_header: Unexpected freqency 22050 May 8 11:17:39 WARNING[4433]: codec_gsm.c:194 gsmtolin_fra
  • Christopher Faust, Thu 08 of May, 2008 [14:15 UTC]: I beleive that I may have to change something in the xserver configuration. Please advise
  • Christopher Faust, Thu 08 of May, 2008 [14:14 UTC]: Everything was perfect. In the bios I have increased the memory allocated Still receive input not supported on my display.
  • Christopher Faust, Thu 08 of May, 2008 [14:13 UTC]: This would not be my main box. I am doing some testing to see if I can install zaptel and asterisk 1.4 on a full centos 5.1 box with development software Its bizzare, because before I went through the asterisk and zaptel installation everything was perfe
  • Nick Barnes, Thu 08 of May, 2008 [13:44 UTC]: Christopher - I can't see any way in which an Asterisk installation would muck your GUI, but remember that it is advised not to use a GUI on an Asterisk box anyway.
Server Stats
  • Execution time: 0.34s
  • Memory usage: 2.18MB
  • Database queries: 33
  • GZIP: Disabled
  • Server load: 0.84

VOIP Security

VOIP Security Issues:

  • Interception of calls
  • Denial of Service Attacks
  • Theft of Service

Interception of Calls

VOIP phone calls are fairly easy to capture and decode if you one has physical access to a LAN segment that the VOIP packets travel accross. Fortunately, with most enterprises using Ethernet switches instead of hubs, there are a limited number of locations this is possible.

Countermeasures
  • Physical Security
  • Encryption - not yet widely available for VOIP services
  • Secure wireless networks

Denial of Service Attacks

Sending spurious traffic to VOIP services or endpoints to disrupt normal service.

Countermeasure
  • Some Session Border Controllers have DoS countermeasures built in.


Theft of Service


Countermeasures
  • Use Authentication features of VOIP protocols
  • Encryption
  • Physical security
  • Secure wireless networks

VoIP Security Forums


VoIP Security Training


See Also:

  • VOIP Phreaking Presentation at the 22nd Chaos Communication Congress
  • Best Practices for VoIP Security Whitepaper
  • VOIPSA threat taxonomy from VOIPSA
  • Tactical VoIP Independent security consultants offering contract VoIP security audit, secure design, and forensic investigation services. Available World-wide. Currently serves Fortune 500, Government, and Industrial clients.
  • VoIP Ninja Small group of ethical independent security researchers conducting real world security evaluations of VoIP devices as a public service effort to improve VoIP security. Completely independent effort and unaffiliated with any VoIP device vendors. Responsible and public disclosure of device vulnerabilities. Vulnerability information is not sold
  • SIP Security and the IMS Core - Whitepaper that looks at the security issues associated with deploying VoIP based on an IMS core and the need to create a survivable core.
  • IPsec in VoIP Networks - White Paper, looks at the different flavours of IPsec and the issues they encounter with NATs. Examines TISPANs selection of UDP encapsulated IPsec to provide signalling security, and authentication whilst still being able to achieve NAT traversal
  • SIPVicious - a blog covering VoIP security and focuses especially SIP related issues
Created by admin, Last modification by Sandro Gauci on Tue 20 of Nov, 2007 [17:30 UTC]

Comments

Please update this page with new information, just login and click on the "Edit" or "Add Comment" button above. Get a free login here: Register Thanks! - support@voip-info.org

Page Changes | Comments

Sponsored by:
Terms of Service Privacy Policy
© 2003-2008 VOIP-Info.org LLC

Powered by bitweaver