VOIP Security

Business Hosted VoIP Provider
Provider Plan Details Monthly Rate*
Jive Communications Smart PBX
  • Unlimited Use of All Features
  • Unlimited Local and Long Distance Calling
  • No Contracts or Hidden Fees
$19.95
Details
Nextiva Nextiva Office
  • No contracts for low rates
  • US-based support is 24/7
  • Unlimited calling (US & Canada)
$19.95
Details
Vocalocity Small Business VoIP Phone Systems
  • Unlimited calls (US & Canada)
  • Sophisticated features included automatically
  • Flat rates, no contracts
$19.99
Details
RingCentral RingCentral Office
  • Setup & Activation Included
  • Unlimited Calls, Fax, SMS, & no contract
  • Trusted by 300,000 Businesses
$19.99
Details
Residential Hosted VoIP Provider
Provider Plan Details Monthly Rate*
ITP VoIP Phone Service
  • 2 months free for voip-info.org users
  • Free VoIP phone adapter
  • Scalable unlimited calling plans
$8.32
Details
Voipo Home Phone Service
  • Unlimited calling to US & Canada
  • Includes 60 international minutes
  • 40+ features
$6.21
Details
Axvoice Home Phone Service
  • Unlimited calling: US and Canada
  • No activation fee. Free hardware.
  • Money back guarantee.
$6.25
Details
Phone.com Home Phone Plus
  • Contract-free service
  • Voicemail-to-email included
  • Customized monthly plans w/low rates
$6.99
Details

VOIP Security Issues:

  • Interception of calls
  • Denial of Service Attacks
  • Theft of Service
  • Exfiltration of data via media session
  • Malware embedded in signaling and media session

Interception of Calls

VOIP phone calls are fairly easy to capture and decode if you one has physical access to a LAN segment that the VOIP packets travel accross. Fortunately, with most enterprises using Ethernet switches instead of hubs, there are a limited number of locations this is possible.

Countermeasures
  • Physical Security
  • Encryption - not yet widely available for VOIP services
  • Secure wireless networks

Denial of Service Attacks

Sending spurious traffic to VOIP services or endpoints to disrupt normal service.

Countermeasure
  • Some Session Border Controllers have DoS countermeasures built in.


Theft of Service


Countermeasures
  • Use Authentication features of VOIP protocols
  • Encryption
  • Physical security
  • Secure wireless networks

Exfiltration of data via media session

Sending data out via the media session. RTP as a covert communication channel.

Countermeasure
  • Deep Packet Inspection of all outgoing media streams

Malware embedded in signaling and media session

Malformed SIP and RTP (or other signaling/media streams) with malicious payloads

Countermeasures
  • Deep Packet Inspection of all incoming signaling and media streams

VoIP and Unified Communications Security

http://ucsecurity.wordpress.com - All about Cisco UC Security. Your one step guide to building, designing, and maintaining secure Cisco UC solutions.

VoIP Security Forums


VoIP Security Training


See Also:

  • SIP security
  • Securing Internet Telephony: Encrypting Voice with VoIP-over-VPN Ever wonder who eavesdrops on your VoIP conversations? Unencrypted VoIP compromises information security for companies that handle sensitive information and the carriers that serve them. This Patton Electronics white paper explains how you can make your Internet Telephony solution completely secure. Find out why VoIP-over-VPN technology is more expedient than emerging CODEC-based approaches such as SRTP and SIP TLS. You'll also learn how Internet Key Exchange (IKE) simplifies VoIP installation at the same time it strengthens information security
  • easySysAdmin easySysAdmin is an automated support/security platform, designed to save your engineer's time and prevent hacking attempts. Specifically of interest to Asterisk users is the monitoring of SIP registrations, and automatic blocking of repeated failed attempts. In addition, "bad" IP addresses are shared via the service so other users can block them pre-emptively. For more information and the free trial visit our web site.
  • VOIP Phreaking Presentation at the 22nd Chaos Communication Congress
  • Best Practices for VoIP Security Whitepaper
  • VOIPSA threat taxonomy from VOIPSA
  • SecVoIP - Just another VoIP Security, Unified Communications Security, Video over IP Security, VVoIP Security Blog.
  • Tactical VoIP Independent security consultants offering contract VoIP security audit, secure design, and forensic investigation services. Available World-wide. Currently serves Fortune 500, Government, and Industrial clients.
  • VoIP Ninja Small group of ethical independent security researchers conducting real world security evaluations of VoIP devices as a public service effort to improve VoIP security. Completely independent effort and unaffiliated with any VoIP device vendors. Responsible and public disclosure of device vulnerabilities. Vulnerability information is not sold
  • WebCDR Anti-Fraud - Cloud-based VoIP fraud detection (from $300 a month)
  • SIP Security and the IMS Core - Whitepaper that looks at the security issues associated with deploying VoIP based on an IMS core and the need to create a survivable core.
  • IPsec in VoIP Networks - White Paper, looks at the different flavours of IPsec and the issues they encounter with NATs. Examines TISPANs selection of UDP encapsulated IPsec to provide signalling security, and authentication whilst still being able to achieve NAT traversal
  • SIPVicious - a blog covering VoIP security and focuses especially SIP related issues
  • Humbug Telecom Labs - Cloud-based VoIP security and telecom fraud detection platform for service providers and enterprises
  • http://ucsecurity.wordpress.com - All about Cisco UC Security. Your one step guide to building, designing, and maintaining secure Cisco UC solutions.
Created by: admin, Last modification: Mon 18 of Mar, 2013 (06:02 UTC) by ucsecurity


Please update this page with new information, just login and click on the "Edit" or "Discussion" tab. Get a free login here: Register Thanks! - Find us on Google+

Page Changes | Comments

 

Featured -

Search: