Welcome To Network Systems Training UK Ltd - Telephone 0845 519 7752

Why Do We Need to Secure VoIP?

5/15/2015

VoIP technologies are fast becoming the telephony system of choice for businesses large and small, because they can be more cost effective than traditional phone services. Often the company VoIP network is integrated with the data network, and is in fact just another service or application running on the company data network.

A single integrated network is often more convenient and easier to manage and administer than two separate voice and data networks. Unified communications make it easier for users to access other services such as voicemail, e-mail, fax and text messages over the single infrastructure.

The VoIP traffic itself can be divided into two main categories: the digitised, packetised speech, and the signalling traffic, which in most cases today uses SIP (Session Initiation Protocol). When we use a standard telephone we assume that the telephone company is keeping our conversation safe from those who might want to listen in, but what about VoIP?

VoIP signalling and data are created and sent across the network in packets, like other data such as email, file transfer and HTTP. Some of the signalling may include credit and billing information, as well as the usual user identification. If this information is sent in the clear across a private network, and more importantly across the Internet, then hackers and fraudsters could obtain sensitive information about the user. The voice conversation is converted into a digital format using a codec (coder / decoder), and if intercepted could be decoded through the use of an identical codec.

Most users would be concerned if they thought that there was the possibility of hackers listening in on their conversations, known as eavesdropping. There are laws in most countries that prohibit the interception of communications, whether they be over a telephone network or in the case of VoIP, over a data network. But this doesn't mean that determined people will not try to do so. There are a lot of free tools available on the Internet that will allow an attacker to capture a VoIP conversation and play or replay almost in real time. Wireshark is one such basic tool that can be used for this purpose, and there are some even more sophisticated intercept tools.

SIP signalling messages normally contain plain text information, so a hacker or potential eavesdropper with sufficient technical knowledge could intervene and re-route calls, spoof calls or even disrupt calls that are already in progress.

VoIP calls can be intercepted by redirecting the call to what is referred to as a "man-in-the-middle" proxy, which is a SIP server that has been configured to monitor the call.

There are two general areas we look at with VoIP security: digest authentication and TLS (Transport Layer Security). SIP comes with a configurable challenge-based authentication, not dissimilar to that used with secure HTTP. Authentication information is contained as part of the SIP header to initially challenge a server or recipient, which must reply with the correct credentials. Transport Layer Security is a recognised protocol used to establish a secure connection between two devices, usually a client and server. TLS can use a number of authentication protocols and encryption protocols to ensure the VoIP call is secured. Authentication and Encryption for VoIP will be discussed in a later post.
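The challenge-based exchange described above can be worked through in a few lines. This is an added example, not code from the original post: it follows the HTTP digest scheme (RFC 2617, MD5 with qop=auth) that SIP reuses, and the account, password and realm are constructed values.

```python
import hashlib
import hmac
import secrets


def _md5(text):
    return hashlib.md5(text.encode()).hexdigest()


def digest_response(user, realm, password, method, uri, nonce, nc, cnonce, qop="auth"):
    """RFC 2617 response value: the password is hashed in, never sent."""
    ha1 = _md5(f"{user}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def make_challenge(realm):
    """Server: parameters of the 401 challenge, with a fresh random nonce."""
    return {"realm": realm, "nonce": secrets.token_hex(16), "qop": "auth"}


def answer_challenge(challenge, user, password, method, uri):
    """Client: Authorization fields sent back with the repeated request."""
    auth = {"username": user, "realm": challenge["realm"], "nonce": challenge["nonce"],
            "uri": uri, "qop": "auth", "nc": "00000001", "cnonce": secrets.token_hex(8)}
    auth["response"] = digest_response(user, auth["realm"], password, method, uri,
                                       auth["nonce"], auth["nc"], auth["cnonce"])
    return auth


def verify(challenge, auth, method, passwords):
    """Server: recompute the response for the nonce it issued and compare."""
    if auth["nonce"] != challenge["nonce"] or auth["realm"] != challenge["realm"]:
        return False  # answer to a different (for example replayed) challenge
    password = passwords.get(auth["username"])
    if password is None:
        return False
    expected = digest_response(auth["username"], auth["realm"], password, method,
                               auth["uri"], auth["nonce"], auth["nc"], auth["cnonce"])
    return hmac.compare_digest(expected, auth["response"])


if __name__ == "__main__":
    users = {"alice": "correct horse"}            # constructed account
    ch = make_challenge("pbx.example.test")       # constructed realm
    auth = answer_challenge(ch, "alice", "correct horse", "REGISTER", "sip:pbx.example.test")
    print(auth)                                   # every field here crosses the wire
    print(verify(ch, auth, "REGISTER", users))
    print(verify(make_challenge("pbx.example.test"), auth, "REGISTER", users))
```

The password never appears in the fields that cross the network, but the username, URI and the rest of the SIP message are still readable, which is why digest authentication is paired with TLS.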

VoIP Security is discussed on some of our instructor-led training courses, which we are constantly updating.
